[Misc] Have you ever made a Subject Access Request or a Freedom of Information Request?

[marlowe]

Have you ever made a Subject Access Request under the Data Protection Act or a Freedom of Information Request under the Freedom of Information Act?

If so what was your experience? Was the information given to you as requested or was it witheld or was the information you received not what you requested?

 

[Spicy]

No but I have written replies to them. The information given has to be an accurate account but personal details, like names of members of staff dealing with a subject, are usually redacted.

 

[Superphil]

Yes I have, and I received the information I asked for, with a brief explanation about it too. (Brighton & Hove Council)

 

[Bodian]

Both requested under FoI and responded to FoI. And also the actual subject of an FoI (what travel expenses have I claimed).

The one thing I would take from both is to make sure what is requested is what is provided. As a requester, there is nothing worse than being fobbed off with something that you didn't quite request, or, something like 'we do hold such and such, but it doesn't give the detail you appear to be after'. It's not the respondees role to try and second guess what the requester is after - so just provide, literally, what has been requested.

Having said that, as a respondee, the most irritating thing is vagueness in the question - so there's no harm in asking for clarification. Recently we had a request for 'all correspondence relating to x'. I had to email back and say 'do you literally mean ALL, which could date back to the 1950s and be archived and so on, or do you mean 'only since so and so issue cropped up?'' - but make sure you ask and don't assume they meant 'only....' (which they did).

 

[marlowe]

I made a Subject Access Request to Sussex Police. They were obliged to respond within 30 days in accordance with the Data Protection Act. After two months they still had not responded so I contacted them to draw their attention to the situation. I received a reply informing me that the department which deals with such requests had been cut from 11 members of staff to just 2 and as a consequence my request would not be responded to for at least three months.
This made me wonder, are there that many people making Subject Access Requests to Sussex Police that it requires a team of eleven people to deal with all those requests within the statutory time frame? Also cutting a department down from 11 people to just 2 is one hell of a cut back.

 

[Garage_Doors]

I made a Subject Access Request to Sussex Police. They were obliged to respond within 30 days in accordance with the Data Protection Act. After two months they still had not responded so I contacted them to draw their attention to the situation. I received a reply informing me that the department which deals with such requests had been cut from 11 members of staff to just 2 and as a consequence my request would not be responded to for at least three months.
This made me wonder, are there that many people making Subject Access Requests to Sussex Police that it requires a team of eleven people to deal with all those requests within the statutory time frame? Also cutting a department down from 11 people to just 2 is one hell of a cut back.

What is a Subject Access Request?

 

[Frutos]

What is a Subject Access Request?

Assuming the Sussex Police ones work the same as the ones I'm familiar with in my job, its basically making a request to an organisation to disclose what personal data they hold about you and what it is used for.

 

[Garage_Doors]

Assuming the Sussex Police ones work the same as the ones I'm familiar with in my job, its basically making a request to an organisation to disclose what personal data they hold about you and what it is used for.

Thank you.

 

[Binney on acid]

Yes, through Sussex police. Charged £10 and took over a year to tell me that they couldn’t find the emails that I had requested. They were anonymous and unhelpful. You end up losing the will to live.

 

[happypig]

Made a request to my son's school. They wanted to change the uniform and had a "consultative ballot" of staff, pupils and parents. Everyone I knew wanted one option, the school went for the other option so I put in a request for the number of responses and result of the ballot.
Basically, they stalled and bullshitted me for weeks; First claimied it was confidential then claimed the results had been lost "but it was only consultative and we went with what the staff voted for".
Disappointing, given that the chairman of the governors is (or was) a senior police officer.
In the end the postponed the change for a year (until the children of the troublesome parents had left I reckon).

 

[Horton's halftime iceberg]

Assuming the Sussex Police ones work the same as the ones I'm familiar with in my job, its basically making a request to an organisation to disclose what personal data they hold about you and what it is used for.

Only public bodies (authority's) i.e dealing with publicly funded contracts, you can only write to private companies with subject access requests, for any personal information on yourself. In both cases your request has to be seen as reasonable. Authority's can refuse to respond if no adequate reason is given, then you would have to get a court order or take the issue to the ICO (regulator), https://ico.org.uk/for-organisations/guide-to-freedom-of-information/what-is-the-foi-act/

 

[ManOfSussex]

As I needed clarification for a work related matter I made a Subject Access Request to The Disclosure and Barring Service earlier this year. I did it by post, enclosing a cheque for £10, a bank statement as proof of address and my birth certificate. I received acknowledgement of receipt and my birth certificate and bank statement back within a week and received the results of my request a week later, well ahead of the 40 days they've got to respond in. All in all, I had no problems.

(In case you're wondering The DBS confirmed they hold no personal data about me and no barring information on me as well. )

 

[Audax]

FYI to all responding to this thread: if your experience is from before end of May this year it will now be out of date. The Data Protection Act is now superseded by the GDPR and the rules for SARs have tightened up. For example, the £10 charge that most companies previously charged is no longer allowed unless a request is excessive.

 

[Hiney]

I made a Subject Access Request to Sussex Police. They were obliged to respond within 30 days in accordance with the Data Protection Act. After two months they still had not responded so I contacted them to draw their attention to the situation. I received a reply informing me that the department which deals with such requests had been cut from 11 members of staff to just 2 and as a consequence my request would not be responded to for at least three months.
This made me wonder, are there that many people making Subject Access Requests to Sussex Police that it requires a team of eleven people to deal with all those requests within the statutory time frame? Also cutting a department down from 11 people to just 2 is one hell of a cut back.

It's all the people asking for details on how many people actually attend football matches

 

[Cheshire Cat]

I've answered a few and they are a real pain in the arse. Total distraction from the day job when I have better things to do than pander to someone's obsession about whatever it is they are obsessed about.

 

[Bodian]

Possibly a pain in the arse - but if local authorities and public bodies (and I work for one!) simply answered stuff they were asked like grown ups, instead of hiding bits, obfuscating, and putting only spin approved responses out - then folk wouldn't have to resort to FoI. Sometimes it is the only way to get actual information about even normal things. For instance, we have a promenade which had 'no cycling' signs on it. For years, a number of residents tried to get the council to remove the ban on cycling - and they kept refusing, and muttering about 'too difficult, have to change the byelaws, too much hard work, blah blah". After about three years of asking for the basis behind the byelaw and being fobbed off with nonsense, I simply made a FoI for the byelaw. Turned out there wasn't one in the first place - which was why the council were hiding behind gumph.

They had to remove the prohibition signs, cycling happens on the prom (and for those anti-cyclists out there - in the 5 years since, there hasn't been a single accident between walkers and cyclists).

 

[thedonkeycentrehalf]

Possibly a pain in the arse - but if local authorities and public bodies (and I work for one!) simply answered stuff they were asked like grown ups, instead of hiding bits, obfuscating, and putting only spin approved responses out - then folk wouldn't have to resort to FoI. Sometimes it is the only way to get actual information about even normal things. For instance, we have a promenade which had 'no cycling' signs on it. For years, a number of residents tried to get the council to remove the ban on cycling - and they kept refusing, and muttering about 'too difficult, have to change the byelaws, too much hard work, blah blah". After about three years of asking for the basis behind the byelaw and being fobbed off with nonsense, I simply made a FoI for the byelaw. Turned out there wasn't one in the first place - which was why the council were hiding behind gumph.

They had to remove the prohibition signs, cycling happens on the prom (and for those anti-cyclists out there - in the 5 years since, there hasn't been a single accident between walkers and cyclists).

When I was involved in FOI requests, I never had an issue dealing with genuine requests. The problem was that the majority came from lazy people working for newspapers (refuse to use the term journalists) who would ask for loads of information just to try and find a story.

 

[Kaiser_Soze]

I made a Subject Access Request to Sussex Police. They were obliged to respond within 30 days in accordance with the Data Protection Act. After two months they still had not responded so I contacted them to draw their attention to the situation. I received a reply informing me that the department which deals with such requests had been cut from 11 members of staff to just 2 and as a consequence my request would not be responded to for at least three months.
This made me wonder, are there that many people making Subject Access Requests to Sussex Police that it requires a team of eleven people to deal with all those requests within the statutory time frame? Also cutting a department down from 11 people to just 2 is one hell of a cut back.

Might be worth having a look at the ICO website. Sussex recently got a massive rollocking for not complying within the statutory time frame. If they still aren't complying, then there may be options for further recourse for you.

 

[narly101]

Despite the perceived annoyance and incredibly dull association that GDPR has. The new SAR process (where you cannot be charged for the request) as well as the Right to be Forgotten are two powerful rights for the individual and their personal data.

It puts the onus on organisations to ensure that they are handling your data correctly, otherwise they run the risk of a fine of up to 4% of annual turnover, or 20million euros (whichever is higher).

It's not something that any company, or government organisation should ever just pay lip service to.