Re; Data Protection Act

<<FOI 1281-10 M Grifiths Acknowledgement Letter.pdf>>
Message sent on behalf of the Freedom of Information Team

The information in this e-mail and any attachments is confidential and may
be subject to legal professional privilege. Unless you are the intended
recipient or his/her representative you are not authorised to, and must
not, read, copy, distribute, use or retain this message or any part of it.
If you are not the intended recipient, please notify the sender
immediately.

HM Revenue & Customs computer systems will be monitored and communications
carried on them recorded, to secure the effective operation of the system
and for lawful purposes.

The Commissioners for HM Revenue and Customs are not liable for any
personal views of the sender.

This e-mail may have been intercepted and its information altered.

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

Ms Griffiths

I refer to your FOI request on 5 March 2010, in which you requested the
following information:

"1. How many requests do you get under the DPA each year?
2. How do you verify the authenticity of DPA requests?
3. Do you conduct regular DPA audits / have an auditing policy?
4. Do you maintain data on errors in information covered by the
DPA?
a. If so, please provide data for the past 5 years."

Our response to your points is as follows:

1. Of the requests for information we receive in a year, approximately
18,000 will be treated as Subject Access Requests (SARs) under the DPA.

2. We have interpreted this point as referring to how we would confirm
the identity of a requestor. Most of the SARs we receive are from HMRC
customers and, therefore, we will not require any further evidence or
authority to confirm their identity. In some cases, particularly for
those requests made through a third party, we will need the explicit,
written consent of the data subject to enable us to disclose the
requested information.

3. In the light of the other parts of your request, we have interpreted
this point as relating to audits of how we handle SARs, rather than any
other aspect of the DPA. I can confirm that we do not have an auditing
policy for this area, and do not conduct regular audits.

4. If, in response to a SAR, an individual contacts us (or the ICO)
about errors in the information, we will correct the errors. However, we
do not keep statistics on how many times this has happened.

If you are not happy with this reply you may request a review by
emailing '[email address]'. You must request a review within
2 months of the date of this letter. It would assist our review if you
set out which aspects of the reply concern you and why you are
dissatisfied.

If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner for a
decision. Generally the Information Commissioner cannot make a decision
unless you have exhausted the review procedure provided by HMRC. The
Information Commissioner can be contacted at the Information
Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF. E-mail: [email address].

Thanks

Aidan Callan
FOI Team
Room 1C/25, 100 Parliament St., London SW1A 2BQ
[email address]

The information in this e-mail and any attachments is confidential and may be subject to legal professional privilege. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. If you are not the intended recipient, please notify the sender immediately.

HM Revenue & Customs computer systems will be monitored and communications carried on them recorded, to secure the effective operation of the system and for lawful purposes.

The Commissioners for HM Revenue and Customs are not liable for any personal views of the sender.

This e-mail may have been intercepted and its information altered.

show quoted sections