Met police hit with enforcement notice over data request backlog

ICO says it has evidence of a 'systemic failure' to handle SARs from the public

Met Police

The Information Commissioner's Office has issued two enforcement notices to the Metropolitan Police Service after the regulator learned that backlog of over 1,700 requests for copies of data from UK citizens had been left unanswered.

The subject access requests, which are a legal right under UK and EU data protection regulations, allow individuals to request access to their data and receive it within one month. However, it has emerged that as many as 1,169 requests to the police service are now beyond the statutory response deadline. What's more, a further 689 requests are said to be more than three months old.

Advertisement - Article continues below

Two enforcement notices have been required in this instance, according to the ICO, one covering both the Data Protection Act 2018 (and by extension GDPR) and another covering the older Data Protection Act 1998, as some of the requests were made prior to 25 May 2018.

The backlog has been described as a "cause for concern" by the UK data watchdog, and "evidence of a systemic failure to respond to subject access requests". The ICO added that the Met Police has ultimately "failed in its data protection obligations".

It has now ordered the Met Police to respond to all SARs and clear its backlog by September 2019, otherwise, it could face further sanctions, including a GDPR-scale financial penalty of 20 million.

Advertisement
Advertisement - Article continues below

It has also been ordered to make changes to its internal systems and policies to ensure that data subjects are kept up to date on any delays to their SAR, and to provide information on how the backlog is being addressed.

Advertisement - Article continues below

The ICO acknowledges that the introduction of the General Data Protection Regulations (GDPR) in May 2018 brought with it an "unprecedented rise in demand" by the public for access to data, placing strain on public services and organisations to respond in a timely manner.

Data released in May found that the majority of organisations had experienced a rise in SARs, the majority of which were from their own employees.

However, the ICO said that because of the "fluctuating backlog" of requests, and because of a number of meetings and correspondence with the Met Police that ultimately proved to be "ineffective", the ICO has decided that enforcement action is required to "encourage compliance".

The Met Police confirmed to the ICO that it has a recovery plan in place and that senior officers are committed to handling the backlog over the next few months.

A failure to respond to a subject access request is considered a serious matter by the ICO, as it not only prevents a data subject from understanding how their data is being processed by an organisation, but it also prevents them from exercising additional rights based on that information.

The ICO has encouraged all organisations to review their processes for handling SARs, and ensure they are able to respond within the statutory time limit.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Most Popular

Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020