MILLOM without PARISH COUNCIL
Revised & adopted by Full Council on New Revision date
Individuals have the right to know what data is held on them, why the data is being processed and whether it will be given to any third party. They have the right to be given this information in a hard copy. This is known as a “subject access request” or “SAR”.
What must be done in the event of a SAR
1. On receipt of a subject access request, it must be copied immediately to all councillors and the Clerk if a councillor has received the request.
2. The Clerk must correctly identify whether a request has been made under the Data Protection legislation.
3. The Clerk and any councillor who receives a request to locate and supply personal data relating to a SAR must make a full, exhaustive search of the records to which they have access.
4. All the personal data that has been requested must be provided unless an exemption can be applied.
5. A response must be sent within one calendar month after accepting the request as valid.
6. Subject Access Requests must be undertaken free of charge to the requestor unless the legislation permits reasonable fees to be charged.
7. Councillors must ensure that the staff they manage are aware of and follow this guidance.
8. Where a requestor is not satisfied with a response to a SAR, the council must manage this as a complaint.
1. All councillors and the Clerk should be notified upon receipt of a request.
2. The Clerk must ensure a request has been received in writing where a data subject is asking for sufficiently well-defined personal data held by the council relating to the data subject. The personal data requested should be clarified with the requestor. They must supply their address and valid evidence to prove their identity. The council accepts the following forms of identification (*These documents must be dated in the past 12 months; +These documents must be dated in the past 3 months):
• Current UK/EEA Passport
• UK Photocard Driving Licence (Full or Provisional)
• Firearms Licence / Shotgun Certificate
• EEA National Identity Card
• Full UK Paper Driving Licence
• State Benefits Entitlement Document*
• State Pension Entitlement Document*
• HMRC Tax Credit Document*
• Local Authority Benefit Document*
• State/Local Authority Educational Grant Document*
• HMRC Tax Notification Document
• Disabled Driver’s Pass
• Financial Statement issued by bank, building society or credit card company+
• Judiciary Document such as a Notice of Hearing, Summons or Court Order
• Utility bill for supply of gas, electric, water or telephone landline+
• Most recent Mortgage Statement
• Most recent Council Tax Bill/Demand or Statement
• Tenancy Agreement
• Building Society Passbook which shows a transaction in the last 3 months and your address
3. Depending on the degree to which personal data is organised and structured, it will be necessary to search emails (including archived emails and those that have been deleted but are still recoverable), Word documents, spreadsheets, databases, systems, removable media (for example, memory sticks, floppy disks, CDs), paper records in relevant filing systems etc.
4. It is not permitted to withhold personal data because the council believes it will be misunderstood; instead, an explanation should be provided with the personal data. The personal data must be provided in an “intelligible form”, which includes giving an explanation of any codes, acronyms and complex terms. The personal data must be supplied in a permanent form except where the person agrees or where it is impossible or would involve undue effort. The council may be able to agree with the requester that they will view the personal data on screen or inspect files at a location agreeable to both the requester and the Clerk. Exempt personal data should be redacted from the released documents and an explanation provided as to why that personal data is being withheld.
5. Procedures should be clear on forms and on the council website.
6. A database should be maintained allowing the council to report on the volume of requests and compliance against the statutory timescale.
7. Raising awareness of how to deal with SARs should be through the use of induction, performance and training, as well as through establishing and maintaining appropriate day-to-day working practices.
8. When responding to a complaint, the Clerk must advise the requestor that they may complain to the Information Commissioner’s Office (“ICO”) if they remain unhappy with the outcome.