Tag: Subject Access Request

Section 56 is here! Oh no it isn’t! Oh yes it is!

Section 56 prevents employers from requiring people to use their subject access rights under the DPA to obtain and then provide certain records, as a condition of employment. It also prevents contracts from requiring certain records as a condition for providing or receiving a service. Section 56 does not, however, prevent such requests where the record is required by law or is justified in the public interest.

Section 56 was due to be commenced on 1 December 2014. Commencement was delayed because of a technical issue encountered when finalising arrangement for introduction. This issue has now been resolved.

Section 56 was commenced on 10 March 2015. There is a SI 2015/312, entitled, ‘The Data Protection Act 1998 (Commencement No. 4) Order 2015′.

It makes it a criminal offence to require an individual to make a subject access request and supply it to a potential employer for the purpose of obtaining or continuing in employment. It also relates to a supplier of goods, facilities and services to the public who require the production of a record to access that service. The ICO webinar suggests insurance might be such a case. They also suggest it applies to volunteers who help your organisation even they may not be in employment.

Most practitioners called it Enforced Subject Access. In November 2014 the ICO ran a webinar outlining what this means and it’s worth look. See the webinar on youtube at https://www.youtube.com/watch?v=zTYBvr-tb5U. It’s 36 minutes long so set aside a lunch hour and buy your sandwich first. It does a good job looking into all the minor points and ends up with a few good examples of how it will be used.

It’s quite a logical and straightforward concept. Why on earth would you require someone to produce their police record to progress their application for employment? Certain jobs with vulnerable people involve disclosures from the Disclosure & Barring Service and Disclosure Scotland is widely used but employers in these area know about this. Making people outside these areas obtain and produce a relevant record is clearly wrong.

There are some defences to a Section 56 charge – the usual suspects of under enactment, rule of law, court and also in the public interest but specifically excludes prevention or detection of crime from the public interest.

Now it’s time to watch the webinar, download the ICO guidance from https://ico.org.uk/for-organisations/enforced-sar/ and wait for the first case involving section 56.

Looking for a DP qualification? The Act Now Data Protection Practitioner Certificate is a practical four day course. The syllabus is endorsed by the Centre for Information Rights based at the University of Winchester. 

R.I.P. Tiddles – A Cat’s Tale

Maybe it was when he realised he couldn’t access his medical data (through his human owner); maybe it was the lack of a satisfactory diagnosis; maybe it was feline immunodeficiency virus that caused the lesions on all limbs and the infection in his nose and ears but Tiddles disappeared Tuesday morning at 8 am after a full pouch of Felix salmon in jelly. His owners spent 88 hours ch chewing at the front door but it looked like he’d run away to die (research on google revealed that this was a likely outcome). Friday evening and he turned up out of the blue looking very weak and bedraggled. Following day he was taken to the second opinion who made an appointment for an emergency FIV and leukaemia test at a local animal hospital. Despite a negative test the vet decided that the best advice was to put him out of his misery. He’d lost 35% of his body weight; had difficulty walking, slept 23 hours a day and was wasting away. He was 5 years old. At 1400 on Saturday 10th March Tiddles moved outside the scope of the Data Protection Act although he never had any Principle 6 rights as he failed most of the Durant tests. This post not tagged DP or privacy or SAR or anything. Just a shaggy cat story.

Exit mobile version
%%footer%%