Met police hit with enforcement notice over data request backlog

ICO says it has evidence of a 'systemic failure' to handle SARs from the public

Met Police

The Information Commissioner's Office has issued two enforcement notices to the Metropolitan Police Service after the regulator learned that backlog of over 1,700 requests for copies of data from UK citizens had been left unanswered.

The subject access requests, which are a legal right under UK and EU data protection regulations, allow individuals to request access to their data and receive it within one month. However, it has emerged that as many as 1,169 requests to the police service are now beyond the statutory response deadline. What's more, a further 689 requests are said to be more than three months old.

Two enforcement notices have been required in this instance, according to the ICO, one covering both the Data Protection Act 2018 (and by extension GDPR) and another covering the older Data Protection Act 1998, as some of the requests were made prior to 25 May 2018.

The backlog has been described as a "cause for concern" by the UK data watchdog, and "evidence of a systemic failure to respond to subject access requests". The ICO added that the Met Police has ultimately "failed in its data protection obligations".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It has now ordered the Met Police to respond to all SARs and clear its backlog by September 2019, otherwise, it could face further sanctions, including a GDPR-scale financial penalty of 20 million.

It has also been ordered to make changes to its internal systems and policies to ensure that data subjects are kept up to date on any delays to their SAR, and to provide information on how the backlog is being addressed.

The ICO acknowledges that the introduction of the General Data Protection Regulations (GDPR) in May 2018 brought with it an "unprecedented rise in demand" by the public for access to data, placing strain on public services and organisations to respond in a timely manner.

Data released in May found that the majority of organisations had experienced a rise in SARs, the majority of which were from their own employees.

However, the ICO said that because of the "fluctuating backlog" of requests, and because of a number of meetings and correspondence with the Met Police that ultimately proved to be "ineffective", the ICO has decided that enforcement action is required to "encourage compliance".

The Met Police confirmed to the ICO that it has a recovery plan in place and that senior officers are committed to handling the backlog over the next few months.

Advertisement - Article continues below

A failure to respond to a subject access request is considered a serious matter by the ICO, as it not only prevents a data subject from understanding how their data is being processed by an organisation, but it also prevents them from exercising additional rights based on that information.

The ICO has encouraged all organisations to review their processes for handling SARs, and ensure they are able to respond within the statutory time limit.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020