Category: Information governance

Data controllers’ compliance with Section 10 notices: the ICO now assess.

I’ve written previously about the Information Commissioner’s assessment of organisations’ compliance with S10 notices. S10 is a mechanism by which a data subject can force a data controller to stop processing his/her personal data, or stop it from processing in a certain way, where such processing is causing substantial, unwarranted damage or distress. Previously the…

Read the full article

Proof of email server receipt = proof of receipt of FOI request

The ICO has decided in decision notice FS50559082 (yet to appear on the ICO’s website, so for now check the annotation on WhatDoTheyKnow) that server logs indicating receipt by a public authority’s email server constitute persuasive proof that the authority received the request. 12. The Commissioner notes that there is evidence to show that around…

Read the full article

Payment methods for £10 DPA SAR fee #2

A few weeks ago, I raised the question of what payment mechanisms a data controller must accept for the payment of the £10 fee for a Subject Access Request. I have had a somewhat protracted discussion with the ICO since – see the addendum to my original post. The Information Commissioner’s Office have finally come…

Read the full article