Information Commissioner’s Office says the Metropolitan Police Service failed in its data protection obligations by not responding to SARS within a month

The ICO says that as people become more aware of their information rights, it recognises there has been a significant rise in SARs across all sectors, including to police forces and other law enforcement agencies. It also says that it is aware of the administrative impact of the increased workload on police forces in responding to these requests. However, it says, “this should not come at a cost to people’s data rights”.

The ICO says that it has been working with the MPS to address its large SARs backlog. However, in a recent report the MPS indicated that it had more than 1,100 open requests, and nearly 680 are over three months old. In short, the ICO says, the MPS has failed in its data protection obligations by not responding to SARs within a calendar month. Accordingly, it has issued two enforcement notices ordering the MPS to respond to all requests by September 2019.

The ICO has also asked the MPS to make changes to its internal systems, procedures or policies, so that people are kept up to date on any delays that may affect their data protection rights and how the situation is being addressed.

The MPS says that it has a recovery plan in place, and senior officers are committed to addressing the backlog over the next four months. To read the ICO’s blog post in full and for a link to the enforcement notices, click here.