Brands must not treat customer data as simply their own property – customers also have the right to know what information is held about them, the data watchdog has warned, following a sharp rise in the number of
complaints.
Speaking on the eve of the 6th annual European Data Protection Day, Information Commissioner Christopher Graham Graham said that complaints about mishandled data access requests in the last financial year accounted for over a third (38%) of the regulator’s total data protection specific casework.
To resolve this issue, the ICO has launched an awareness-raising campaign called Access Aware.
Graham said: “Organisations that handle personal information need to remember that customer records are not simply their property – the individuals who do business with them also have rights. We are seeing far too many complaints that could easily have been avoided if they’d been given serious and timely consideration.”
He claimed the result of mishandling requests is not simply a “blip on customer service satisfaction levels”, it can cause individuals a great deal of upset.
People who are making these requests are not doing it for fun; he stressed, the vast majority are seeking resolutions to real problems – such as being refused credit or making important decisions about their health.
“I hope businesses and bodies that handle personal data use European Data Protection Day as a prompt to think about ways to improve their subject access request handling. Our Access Aware materials have been designed to help them do just that.”
Access Aware is one of the first outcomes of the ICO’s information rights priority work. The sector that continues to generate the most complaints about subject access requests is lenders. In 2010/11, over a third (34%) of completed data protection specific complaints concerning financial institutions were about mishandled subject access requests.
Health bodies and policing and crime organisations have also continued to generate a high level of subject access related complaints. In 2010/11, almost half (45%) of data protection specific complaints about health bodies concerned mishandled requests. In the same year, 34% of data protection specific complaints in the policing and criminal justice sector were about subject access.
