BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?
No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!
 |
[Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback] | |
Irish Data Protection Commission Case Studies |
||
|
You are here: BAILII >> Databases >> Irish Data Protection Commission Case Studies >> An Garda Síochána: Failure to respond to an access request on time [2006] IEDPC 9 URL: http://www.bailii.org/ie/cases/IEDPC/2006/9.html Cite as: [2006] IEDPC 9 |
||
[New search] [Printable RTF version] [Help]
An Garda Síochána: Failure to respond to an access request on time [2006] IEDPC 9 (13 July 2006)
I received a complaint in July 2005 that GS had failed to satisfy a data subject's request under Section 4 of the Data Protection Acts for access to his personal data.
My Office commenced an investigation which lasted for a period of some eleven months. We established that GS initially provided the data subject with personal data which it had identified from a search of a particular database and of manual files held in the Dublin South Central area. The data subject was concerned that the search had been restricted and he requested that all databases and relevant filing systems held by GS should be searched for his personal data. The GS subsequently informed the data subject that a search of archived files had been conducted and that the personal data which he had sought had been located. They explained that the reason this data had not been located during the initial search was because the file had been archived prior to the introduction of the database. Over the following months, GS released portions of the personal records to the data subject. As part of my investigation of this complaint, I directed my staff to examine all the records and portions of records initially withheld by the GS, pursuant to the Acts. As a consequence of this examination, and a further voluntary release of records to the data subject in June 2006 by the GS following the provision of advice from my Office, I was satisfied that the data subject had received access pursuant to his rights under the Acts.
The fact remains that it took some twelve months from the initial access request before the data subject achieved his full entitlements under the Acts. Section 4(1)(a) of the Acts provides for a maximum response time of forty days to an access request. In this regard, the GS apologised for the delay which they indicated was due in part to a delay in locating the relevant file in the district in which the data subject resides. The data subject requested a formal decision from me in relation to his complaint pursuant to Section 10(1)(b) of the Acts. My decision found that GS had, indeed, contravened Section 4(1)(a) of the Acts in respect of the delay in complying with the data subject's access request. In that decision I stated that "I cannot accept that a delay of this magnitude is acceptable for a body such as GS which has a responsibility to ensure it fully meets its obligations under the Acts especially given the level of sensitive data that it holds." In all other respects, I found that GS had complied with their obligations under the Acts and that the data subject had obtained his access rights. Finally, I considered that the GS should develop a clear policy on data retention and apply for the necessary authorisation to dispose of records that are no longer necessary for operational purposes.
This case highlights the fact that no data controller can consider itself as not bound by the obligations of the Acts. The right of access is an important and fundamental right which every living individual in this State is entitled to exercise in the expectation that data controllers will comply within the forty day time limit.
