Simplifying Subject Access Requests with Carrie James and Oliver Rear
As always, we kick off this week’s discussion with the news before picking up where we left off a few weeks ago to discuss all things SARs.
In the news this week:
- Crisp shortages due to ransomware: https://www.bbc.co.uk/news/technology-60230077
- Three major oil transport and storage companies across Europe were affected by cyber attacks: https://www.bbc.co.uk/news/technology-60250956
- Meta/FB stock market value slump of circa £170Bn: https://www.bbc.co.uk/news/business-60255088
- Home2Sense fine: aggressive marketing, 200K, MW reckons it works out at 30p a call: https://www.bbc.co.uk/news/uk-wales-60229597
Topics on DSARs:
- We discuss the Economy of redactions, while there are of course plenty of valid reasons to redact things don’t be overly liberal with it. If something shouldn’t be redacted or doesn’t need to be (e.g. an email previously sent or received), don’t redact. Sometimes we can be guilty of being overzealous.
- Properly understanding what is and isn’t personal data (the “Business as Usual exemption”).
- We also discuss how the chronology of the SAR can help when redacting, it’s better to have the earlier material first so the ‘story’ is approaching the present day rather than doing it backwards as it can be harder to keep track of who people are in SARS.
- Some of the best/worst stories from handling DSARs we’ve seen.
- From ironic disasters like when we dealt with a subject who wanted to see all skype conversations as they believed other staff were complaining about them, only to find out they were also complaining about everyone else too.
- Or sharing the positivity that can come out of a SAR. and showing how some people benefit from receiving the information, really old foster care files have been found where the requesters are now in their 50/60s having gone through life with no idea about why they were put into care as a baby.
if you enjoyed today’s session and would like to become part of our growing community with over 850 members who all have a shared goal of Making Data Protection Easy, get in touch with one of the team or email our events organiser Myles: [email protected]