Enforced subject access requests now a criminal of

0370 270 6000

Search Mobile

collapse

already registered?

Please sign in with your existing account details.

Email address

Password

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

Forgotten your password?

collapseSign

Home

Insights & events

Resources

Blogs

Enforced subject access requests now a criminal offence

13 March 2015

Since 10 March 2015 it has been a criminal offence, under s. 56 of the Data Protection Act 1998, to require individuals to make enforced subject access requests (SAR) whereby individuals’ provide personal information (including criminal records and cautions) to secure employment, goods, services or facilities.

The aim is to ensure such information is obtained through the Disclosure and Barring Service, shielding individuals from excessive disclosure of personal data that certain third parties may have no legitimate access to.

Enforced SARs remain permissible under rule of law or court order or if it is justifiable in the public interest. ICO guidance states “extremely strong justification” is needed to rely on the latter exception. For example the prevention or detection of crime would not benefit from the public interest defence due to the existence of formal criminal record checking procedures.

Organisations should ensure information related to individuals’ convictions and cautions is obtained through legitimate procedures as the offence can lead to an unlimited fine.

Related opinions

Fire and Re-hire

In late March, P&O Ferries made 800 members of staff redundant instantaneously and with no notice, to then go on to replace them with cheaper agency workers. This sparked wide range shock and triggered government interest in introducing a new statutory code of practice covering fire and rehire.

View blog