Our website is set to allow the use of cookies. For more information and to change settings click here. If you are happy with cookies please click "Continue" or simply continue browsing. Continue.

Law for Business

Knowhow - guidance - precedents

Loch Employment Law , 04 NOV 2013

Data Protection: Information Rights v Confidentiality Obligations

Pam Loch

Managing Partner


Data Protection: Information Rights v Confidentiality Obligations
Data protection and privacy issues are constantly in the headlines and it can be difficult to keep up to date with the legal position on our rights as individuals to request data and our obligations as businesses when handling data.

Increasingly, individuals are utilising the Data Protection Act 1998 (the "DPA") and sending Data Subject Access Request letters (DSAR's) to their employers to obtain copies of the information that is held about them.

There are strict rules that apply to organisations who receive a DSAR and if an organisation fails to respond to a DSAR correctly, the Information Commissioner's Office (ICO) has authority to issue financial penalties against the organisation in question if they consider there has been any breach of the legislation.

Under the DPA, an organisation is required to take reasonable steps to search for and provide an employee with copies of their personal data. An organisation must provide a response within 40 calendar days of receiving it and the individual is entitled to be:

  • told if any personal data is being held about them;
  • given a description of the data;
  • told for what purposes the data is processed;
  • told the recipients or the classes of recipients to whom the data may have been disclosed and information as to the sources of data.
However before releasing any confidential information, businesses should ensure that they:

  • Have received a valid request (request in writing - includes email);
  • Are satisfied of the identity of the individual. If they are not satisfied, request evidence of their identity;
  • Have received a fee of £10;
  • Know what information they are obliged to provide to the individual and what exemptions may apply.
Given the complex nature of the requirements under the DPA, if you receive a DSAR letter and you do not know how to respond to it, please contact us for further advice. 

Pam Loch, Managing Partner of niche employment law practice, Loch Associates Employment Lawyers and Managing Director of HR Advise Me Limited.  

For more information on Loch Associates Employment Lawyers please go to www.lochassociates.co.uk and for HR Advise Me go to www.hradvise.me
Loch Employment Law
Jordan Publishing Employment Law

Jordan Publishing Employment Law

"exceptional value for money in today's challenging legal environment" John Mitton, PG Legal

Available in Employment Law Online
Jordan Publishing Health and Safety Management

Jordan Publishing Health and Safety Management

"The manual is a must for any employer that needs clear practical advice on managing health and...

Available in Health and Safety Law Online
Subscribe to our newsletters