The Information Commissioner’s Office (ICO) has issued the justice secretary with an enforcement notice after his department’s failure to process data access requests in a timely manner.
The data protection watchdog claimed that as of July 28 2017, the ministry had a backlog of 919 subject access requests from individuals, some of them dating as far back as 2012.
Despite noting that the ministry had made “some progress” in shifting the backlog, the ICO revealed that even as recently as November 10 there were 793 cases over 40 days old.
Commissioner, Elizabeth Denham, stated that the justice secretary has contravened the Data Protection Act by failing to provide the information requested by the complainants — causing personal damage and distress to them in the process.
She added, in the notice:
“Moreover, the commissioner is of the view that the data controller is contravening the sixth data protection principle to the extent that the systems, procedures and policies in relation to him dealing with subject access requests submitted to the data controller are unlikely to result in compliance with those same requirements under the DPA.”
The enforcement notice gives the ministry until October 31 this year to comply with the outstanding requests, and until January 31 to ensure that changes are made to its internal systems, procedures and policies so that new requests are processed in line with the law.
In a statement responding to the ICO’s enforcement notice, the ministry expressed its disappointment at the privacy watchdog’s decision, claiming it has been working hard to clear the “historical backlog”.
It added:
“We are committed to transparency and improving understanding of how the justice system works but the information we handle is often highly sensitive and we must weigh these interests with our responsibility never to put children, vulnerable victims, witnesses, staff or criminal investigations at risk.”