Met police hit with enforcement notice over data request backlog

ICO says it has evidence of a 'systemic failure' to handle SARs from the public

Met Police

The Information Commissioner's Office has issued two enforcement notices to the Metropolitan Police Service after the regulator learned that backlog of over 1,700 requests for copies of data from UK citizens had been left unanswered.

The subject access requests, which are a legal right under UK and EU data protection regulations, allow individuals to request access to their data and receive it within one month. However, it has emerged that as many as 1,169 requests to the police service are now beyond the statutory response deadline. What's more, a further 689 requests are said to be more than three months old.

Two enforcement notices have been required in this instance, according to the ICO, one covering both the Data Protection Act 2018 (and by extension GDPR) and another covering the older Data Protection Act 1998, as some of the requests were made prior to 25 May 2018.

The backlog has been described as a "cause for concern" by the UK data watchdog, and "evidence of a systemic failure to respond to subject access requests". The ICO added that the Met Police has ultimately "failed in its data protection obligations".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It has now ordered the Met Police to respond to all SARs and clear its backlog by September 2019, otherwise, it could face further sanctions, including a GDPR-scale financial penalty of 20 million.

It has also been ordered to make changes to its internal systems and policies to ensure that data subjects are kept up to date on any delays to their SAR, and to provide information on how the backlog is being addressed.

The ICO acknowledges that the introduction of the General Data Protection Regulations (GDPR) in May 2018 brought with it an "unprecedented rise in demand" by the public for access to data, placing strain on public services and organisations to respond in a timely manner.

Data released in May found that the majority of organisations had experienced a rise in SARs, the majority of which were from their own employees.

However, the ICO said that because of the "fluctuating backlog" of requests, and because of a number of meetings and correspondence with the Met Police that ultimately proved to be "ineffective", the ICO has decided that enforcement action is required to "encourage compliance".

The Met Police confirmed to the ICO that it has a recovery plan in place and that senior officers are committed to handling the backlog over the next few months.

Advertisement - Article continues below

A failure to respond to a subject access request is considered a serious matter by the ICO, as it not only prevents a data subject from understanding how their data is being processed by an organisation, but it also prevents them from exercising additional rights based on that information.

The ICO has encouraged all organisations to review their processes for handling SARs, and ensure they are able to respond within the statutory time limit.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Most Popular

Visit/operating-systems/microsoft-windows/354789/microsoft-pulls-disastrous-windows-10-security-update
Microsoft Windows

Microsoft pulls disastrous Windows 10 security update

17 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020