disability, data protection, activism and other such
I’ve written previously about the Information Commissioner’s assessment of organisations’ compliance with S10 notices. S10 is a mechanism by which a data subject can force a data controller to stop processing his/her personal data, or stop it from processing in a certain way, where such processing is causing substantial, unwarranted damage or distress. Previously the…
The ICO has decided in decision notice FS50559082 (yet to appear on the ICO’s website, so for now check the annotation on WhatDoTheyKnow) that server logs indicating receipt by a public authority’s email server constitute persuasive proof that the authority received the request. 12. The Commissioner notes that there is evidence to show that around…
A few weeks ago, I raised the question of what payment mechanisms a data controller must accept for the payment of the £10 fee for a Subject Access Request. I have had a somewhat protracted discussion with the ICO since – see the addendum to my original post. The Information Commissioner’s Office have finally come…