Sign up to save your podcasts
Or
Share The first criminal prosecution for 'ignoring' a DSAR: More common than we think?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The first criminal prosecution for 'ignoring' a DSAR: More common than we think?
An individual has been criminally prosecuted for "ignoring" or having "blocked, erased, or concealed" a subject access request. A rare (perhaps unprecedented) case, but Rob wonders if this behaviour is more common than we might think.
This care home director was prosecuted under Section 173 of the Data Protection Act 2018, which makes it a criminal offence to "alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure" following an access request.
He reportedly attempted various unsuccessful defences, ranging from claiming the care home was merely a "building" and not a controller, to stating that the care home's ICO registration had lapsed.
—
Subject access requests can be very stressful.
It can be very painful for people to realise that they must disclose uncomfortable or potentially compromising information they would much rather keep private.
Not to mention the huge request backlogs that many organisations have accumulated, which can invite corner-cutting.
—
This sounds like a particularly bad case, and we might not expect a flurry of prosecutions under Section 174 DPA 2018—but we can reasonably call this one a "learning opportunity".
Please do get in touch if you need additional support with data subject rights management: [email protected]
View all episodes
By treborjnametab1An individual has been criminally prosecuted for "ignoring" or having "blocked, erased, or concealed" a subject access request. A rare (perhaps unprecedented) case, but Rob wonders if this behaviour is more common than we might think.
This care home director was prosecuted under Section 173 of the Data Protection Act 2018, which makes it a criminal offence to "alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure" following an access request.
He reportedly attempted various unsuccessful defences, ranging from claiming the care home was merely a "building" and not a controller, to stating that the care home's ICO registration had lapsed.
—
Subject access requests can be very stressful.
It can be very painful for people to realise that they must disclose uncomfortable or potentially compromising information they would much rather keep private.
Not to mention the huge request backlogs that many organisations have accumulated, which can invite corner-cutting.
—
This sounds like a particularly bad case, and we might not expect a flurry of prosecutions under Section 174 DPA 2018—but we can reasonably call this one a "learning opportunity".
Please do get in touch if you need additional support with data subject rights management: [email protected]