Tag Archives: ICO

New DSAR guidance from ICO – handle with care (UK)

By David Whincup on October 22, 2020 Posted in Data Protection, Guidance

Back in March we posted here an explanation of why the “manifestly unfounded” exception to an employer’s DSAR obligations was perhaps less helpful than the ICO’s then guidance suggested. Now there is some new ICO guidance out this week which probably does move the needle slightly more usefully in favour of the employer.… Continue Reading

Coronavirus questions for employers, Part 1 (UK)

By David Whincup on March 13, 2020 Posted in Employee Welfare, Privacy, Sickness

The big-picture information about Coronavirus being issued by the Government at present is all well and good, but it does not (in fairness, cannot) address the multitude of little spin-off questions arising for employers every day. We held a webinar on this earlier this week, with members of our Employment, Commercial, Data and Health & … Continue Reading

Welcome pragmatism from UK’s ICO on disclosure of employees’ virus exposure

By David Whincup on March 13, 2020 Posted in Employee Welfare, Privacy

Some new clarification from the Information Commissioner’s Office yesterday about that grey area between individual privacy rights on the one hand and the public interest on the other. Against the background of the Coronavirus crisis (and perhaps recognising that any other position would be politically terminal), the ICO has made it clear that even though … Continue Reading

More promise than reality in ICO guidance on refusing DSARs (UK)

By David Whincup on March 6, 2020 Posted in Data, Dismissal, Grievance, Privacy

Just flicking idly through the ICO’s new guidance the other evening, as you do when the only alternative is Ant & Dec, and two paragraphs caught my eye. In the section relating to DSARs which are “manifestly unfounded” (and can therefore be batted away by the employer) appear two examples, where:… Continue Reading

ICO tightens screw on DSAR deadlines, possibly (UK)

By David Whincup on January 6, 2020 Posted in Data, Guidance, Privacy

Unheralded and unannounced, recently revised GDPR guidance from the ICO removed one small source of comfort for employers facing DSARs from employees. It used to say that the 30-day time limit was paused, the clock stopped, if you asked the requester for information to clarify his DSAR and it was not provided. This was not … Continue Reading

Archive or delete? The UK data protection consequences

By David Whincup on September 2, 2013 Posted in Data Protection

Every employer will recognise the sinking feeling which accompanies receipt of a data subject access request from a current or former employee. Not only is it a fair indicator that he is considering doing something unpleasant to you, but you face also the prospect of wading through your entire server, waist-deep in irrelevancies, to find … Continue Reading