WiredGov Newswire (news from other organisations)
Printable version E-mail this to a friend

Too many consumers being denied access to their information, says ICO

Too many consumers are being denied the right to access the information that companies or public bodies hold about them, Information Commissioner, Christopher Graham, said last week.

Speaking on the eve of the 6th annual European Data Protection Day, Mr Graham said that complaints about mishandled subject access requests in the last financial year accounted for over a third (38%) of the ICO’s total data protection specific casework. In order to resolve this issue, the ICO has launched an awareness-raising campaign called Access Aware.

Information Commissioner, Christopher Graham said:

“Organisations that handle personal information need to remember that customer records are not simply their property - the individuals who do business with them also have rights. We are seeing far too many complaints that could easily have been avoided if they’d been given serious and timely consideration.

“The result of mishandling requests is not simply a blip on customer service satisfaction levels, it can cause individuals a great deal of upset. The people who are making these requests are not doing it for fun; the vast majority are seeking resolutions to real problems – such as being refused credit or making important decisions about their health. I hope businesses and bodies that handle personal data use European Data Protection Day as a prompt to think about ways to improve their subject access request handling. Our Access Aware materials have been designed to help them do just that.”

Access Aware is one of the first outcomes of the ICO’s information rights priority work. Banking and finance companies as well as health bodies have been identified as the worst performing sectors in relation to handling subject access requests. A more general problem around access to employee records has also been noted across all sectors.  

The sector that continues to generate the most complaints about subject access requests is lenders. In 2010/11, over a third (34%) of completed data protection specific complaints concerning financial institutions were about mishandled subject access requests.

Health bodies and policing and crime organisations have also continued to generate a high level of subject access related complaints. In 2010/11, almost half (45%) of data protection specific complaints about health bodies concerned mishandled requests. In the same year, 34% of data protection specific complaints in the policing and criminal justice sector were about subject access.

The Access Aware campaign aims to promote awareness of what a subject access request looks like and what to do if one is received. Requests can be received by anyone working in an organisation and can take many forms – from a detailed email asking for specific information to a single sentence within a more general complaint letter. Requests must be answered within 40 calendar days.

Some organisations may choose to charge a fee for handling a subject access request. The maximum fee that most organisations can charge is £10.

 

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes 
  • Adequate, relevant and not excessive
  • Accurate and up to date 
  • Not kept for longer than is necessary 
  • Processed in line with your rights 
  • Secure 
  • Not transferred to other countries without adequate protection 

4. The ICO is on Twitter, Facebook and LinkedIn. Read more in the ICO blog and e-newsletter.

5. If you need more information, please contact the ICO press office on 0303 123 9070 or ico.gov.uk/press

Free, Secure, Compliant UK Public Sector IT Recycling Service