Font Size

Too many consumers being denied access to their information says ICO

 By

The Information Commissioner’s Office

Business Articles
Submit Articles   Back to Articles

Issued 27 January 2012

Too many consumers are being denied the right to access the information that companies or public bodies hold about them, Information Commissioner, Christopher Graham, said today.

Speaking on the eve of the 6th annual European Data Protection Day, Mr Graham said that complaints about mishandled subject access requests in the last financial year accounted for over a third (38%) of the ICO’s total data protection specific casework. In order to resolve this issue, the ICO has today launched an awareness-raising campaign called Access Aware.

Information Commissioner, Christopher Graham said:

“Organisations that handle personal information need to remember that customer records are not simply their property - the individuals who do business with them also have rights. We are seeing far too many complaints that could easily have been avoided if they’d been given serious and timely consideration.

“The result of mishandling requests is not simply a blip on customer service satisfaction levels, it can cause individuals a great deal of upset. The people who are making these requests are not doing it for fun; the vast majority are seeking resolutions to real problems – such as being refused credit or making important decisions about their health. I hope businesses and bodies that handle personal data use European Data Protection Day as a prompt to think about ways to improve their subject access request handling. Our Access Aware materials have been designed to help them do just that.”

Access Aware is one of the first outcomes of the ICO’s information rights priority work. Banking and finance companies as well as health bodies have been identified as the worst performing sectors in relation to handling subject access requests. A more general problem around access to employee records has also been noted across all sectors.

The sector that continues to generate the most complaints about subject access requests is lenders. In 2010/11, over a third (34%) of completed data protection specific complaints concerning financial institutions were about mishandled subject access requests.

Health bodies and policing and crime organisations have also continued to generate a high level of subject access related complaints. In 2010/11, almost half (45%) of data protection specific complaints about health bodies concerned mishandled requests. In the same year, 34% of data protection specific complaints in the policing and criminal justice sector were about subject access.

The Access Aware campaign aims to promote awareness of what a subject

access request looks like and what to do if one is received. Requests can be received by anyone working in an organisation and can take many forms – from a detailed email asking for specific information to a single sentence within a more general complaint letter. Requests must be answered within 40 calendar days.

Some organisations may choose to charge a fee for handling a subject access request. The maximum fee that most organisations can charge is £10.

Further guidance and information on subject access requests is available on the ICO’s website here: http://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_6/access_to_personal_data.aspx

More information on the Access Aware campaign is available on the ICO’s website here:

http://www.ico.gov.uk/tools_and_resources/access_aware_toolkit.aspx

If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at: www.ico.gov.uk.


About the Author

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We do this by promoting good practice, ruling on complaints, providing information to individuals and organisations and taking appropriate action when the law is broken.

The ICO enforces and oversees the following legislation:

  •  Data Protection Act 1998
  •  Freedom of Information Act 2000
  •  Privacy and Electronic Communications Regulations 2003
  •  Environmental Information Regulations 2004



Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2012-01-31 13:11:27 in Business Articles

All Articles

Copyright © 2004-2019 Scopulus Limited. All rights reserved.