We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Subject Access Request
Options
longwalks1
Posts: 3,824 Forumite
A friend recently made a SAR at his company, due to various issues over a period of months. Very little came back and he’s since been told by one of those he named in the SAR that they were contacted and asked to forward on any emails they gave with his name on?
Surely this isn’t how the SAR info is gathered? If it is, who in their right mind would forward on any incriminating evidence that they may of written???
Surely this isn’t how the SAR info is gathered? If it is, who in their right mind would forward on any incriminating evidence that they may of written???
0
Comments
-
Wat information is it that has been asked for ?0
-
How else would you do it? It depends how well the company is set up to gather such data, who manages their IT, where it is held etc. If the scope is very wide they can ask for what specific data is required, and/or extend the timeframe. It also depends how aligned their DPO is, and most will be company aligned, not ICO aligned.
Ultimately though you are right, I don't think the ICO has the teeth yet to impose an external data gatherer/auditor. They may right a stern letter but I've not seen any other action taken on SAR failure (so difficult to prove) - happy for someone else to provide some as I'm currently working on SAR processes!0 -
britishboy wrote: »A friend recently made a SAR at his company, due to various issues over a period of months. Very little came back and he’s since been told by one of those he named in the SAR that they were contacted and asked to forward on any emails they gave with his name on?
Surely this isn’t how the SAR info is gathered? If it is, who in their right mind would forward on any incriminating evidence that they may of written???
What information was he expecting to receive?
Anyway I can't believe most companies would forward on information that landed them in hot water. They'd likely just deny it's existence and there isn't much you can really do to prove otherwise.0 -
I’ve read 2 separate articles on SAR, one was a girl worked in the city and requested it and her colleagues had referred to her as ‘miss crazy’ ‘little miss nutcase’ etc and she got a £3m payout, and there have been several cases of companies getting fines heavily for data breaches but not seen anything for failing to provide all the info0
-
-
What information was he expecting to receive?
Anyway I can't believe most companies would forward on information that landed them in hot water. They'd likely just deny it's existence and there isn't much you can really do to prove otherwise.
I’d of thought the GDPR regs would of prevented any cover ups?0 -
I have done a SAR request in a previous job when I had left. It was all rubbish. I know for a fact that if they had done a real job other emails would of come up as I still had friends who worked there who purposely held onto emails that contained my name for this such purpose. These were never sent to me in my request. I wanted to get my own back but in the end I thought the best revenge was just moving on and bettering myself which I have done.
It's a load of old rubbish this gdpr. Companies can get out of it to easily.0 -
britishboy wrote: »Emails referencing his name or initials between 2 specific dates
So what was he expecting? I'm assuming he was aware of some emails he should have received hence the complaint.
You can't just assume information exists. Maybe it doesn't.britishboy wrote: »I’d of thought the GDPR regs would of prevented any cover ups?
Technically they can't retain any information. Proving it is another matter.
As divadee said, it's mostly a smokescreen, a lot of it is unenforceable.0 -
So what was he expecting? I'm assuming he was aware of some emails he should have received hence the complaint.
You can't just assume information exists. Maybe it doesn't.
Technically they can't retain any information. Proving it is another matter.
As divadee said, it's mostly a smokescreen, a lot of it is unenforceable.
Exactly - there is nothing to say anything exsists, and if you dont know about it, how can you prove otherwise?0 -
britishboy wrote: »I’d of thought the GDPR regs would of prevented any cover ups?
What you mean like like any other law prevents all instances of wrongdoing?
Yes there are penalties if companies deliberately flout the law and fail to disclose relevant information. However first they have to get caught. Just like any other law breaking some will feel the chances of being found out are sufficiently low that they will take the risk.
Although the ICO may have significant powers they do not have the resources to raid and scrutinise companies suspected of "minor" law breaking in the vast majority of cases.
What a company will have to do is be a little careful "discovering" and then relying on information they should have disclosed. Although even then they will likely get away with it by claiming it was an innocent mistake.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards