
ICO consults on subject access code of practice

13 Dec 2012 03:13 PM

The ICO has launched a consultation on a new draft code that will help organisations handle subject access requests, while supporting the public in taking control of their personal information.

Under the Data Protection Act, anyone has the right to find out what information an organisation holds about them by making a subject access request. This right allows individuals to find out important information ranging from details recorded on their credit history to data included in their health record. Once received, an organisation normally has forty days to reply to the request.

During the last financial year, the ICO handled nearly 6000 complaints from individuals unhappy that organisations were not complying with the law by allowing them to view their file – more than any other type of complaint. The final version of the code will aim to clear up any confusion, by clearly and simply explaining an organisation’s legal responsibilities and individuals’ rights under the Act. 

Announcing the start of the ICO’s consultation, David Smith, Deputy Commissioner and Director of Data Protection, said:

“At a time when organisations are collecting more and more information about us, whether online or offline, subject access requests play an increasingly important role in helping us take control of our personal information. They can also benefit organisations by highlighting inaccuracies in their records and giving them the opportunity to update the information they keep about us.

“We have published the draft subject access code on our website to provide an early indication of what our guidance will look like. We would now like to hear from individuals and organisations who have experience with handling or making subject access requests to see where they believe the draft code could be improved. We will then publish a final version of the code in Spring 2013.”   

Further information is available on the ICO’s consultation page. The closing date for this consultation is 21 February 2013.

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
 
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection