What happens next?
You are entitled under the Data Protection Act to receive an answer within 40 calendar-days (not working days) but no-one ever receives a response in that time. The Metropolitan Police is so bad at responding to requests for information that in April 2013, it was one of three public authorities the Information Commissioner’s Office said it planned to monitor over concerns about its timeliness.
If you do not receive a response within 40 days, email the Public Access Office on PublicAccessOffice@met.police.uk and ask for an explanation (see our sample letters for wording).
You may then receive a ‘delay letter’ from them. If you do, we urge you to immediately make a complaint to the Information Commissioner’s Office (ICO) – and to let us know.
Repeated failure to respond to Subject Access Requests is unlawful and makes a mockery of the idea of greater openness and transparency that the Data Protection Act is supposed to encourage.
We want to lobby the Information Commissioners Office to use its enforcement powers against the Metropolitan Police, by showing the number of times the 40 day deadline is routinely ignored. This is why it is important to keep Netpol informed at info@netpol.org so we can apply pressure to the ICO to take action.
Making a complaint about a failure to respond.
The Information Commissioner’s Office has a complaints form that you can download from http://www.ico.org.uk/complaints/getting/complain
You need to return it by post or email with copies of your original Subject Access Request and any correspondence.
Please remember to also contact us if you complain to the ICO and let us know what response you receive.
The ICO usually takes around two weeks just to allocate a case officer and, depending on the complexity of a complaint, can take several months to reach a decision. However, a failure to keep to the 40 calendar-day deadline is not a complicated complaint so if you haven’t heard anything within six weeks, once again let us know at info@netpol.org
What happens if the Subject Access request is rejected?
There are a number of ways that the police can resist providing personal data:
- By claiming that disclosure would be likely to “prejudice ongoing criminal, civil or disciplinary proceedings”
- By claiming disclosure would be likely to “prejudice the prevention or detection of crime”
- By claiming the Subject Access request is a “speculative search”
- By claiming that a request would reveal “third-party personal data”
- By claiming the request concerns unstructured personal data, which the costs of disclosing would exceed the relevant prescribed limit
If you receive a rejection, please contact Netpol at info@netpol.org so that we can seek legal advice.
Back to INTRODUCTION
Netpol 