• Facebook
  • Twitter
  • LinkedIn
Call us now: 01243 836 840   [email protected]
Pure Employment Law
  • Who We Are
    • Nicola Brown
    • Peter Stevens
    • David Jones
    • Debbie Poole
    • Linda Nye
    • Brenda Cherry
  • For Employers
    • Advice on HR and People issues
    • Investigations, Hearings and Appeals
    • Restructuring and Redundancy
    • Defending Employment Tribunal Claims
    • Dismissal of Senior Executives
    • Contracts, Handbooks and Policies
    • Employment Law Training
  • For Employees
    • Settlement Agreements
    • Workplace Issues including Disciplinary and Grievance
    • Bringing an Employment Tribunal Claim
  • Employment Law Events
  • Legal Updates
  • Testimonials
  • Vacancies
  • Contact us
  • Search
  • Menu Menu

Subject access requests – what do we have to disclose?

27th June 2016

Subject access requests are requests made by individuals under the Data Protection Act 1998 to see copies of any data held about them. The main purpose of subject access rights is to enable an individual to check whether their data is being processed unlawfully, in a way which infringes their privacy. Often in an employment context such requests are used to seek disclosure of information that may assist an individual in a potential claim to the Employment Tribunal or court.

One of the biggest headaches around subject access requests in employment is that quite often, employers find they are having to disclose information, such as references, which they had not anticipated an employee ever seeing. You may find our previous articles on references here and here of interest.

When making a subject access request, an individual should include the following:

  • A £10 fee.
  • Evidence to confirm their identity.
  • Any information necessary to locate the information sought.

An employer is not obliged to comply with the request until the above has been provided.

Such requests can be tricky because they can sometimes be quite onerous to deal with (both in time and expense), and there are various rules to navigate about data which could be exempt from disclosure in the employer’s response. In addition, there is a time limit in which an employer must respond to a request – 40 days from receipt of the request. You can see our previous article about subject access requests here.

An interesting example is shown in a case study published by the ICO (Information Commissioner’s Office).

The case study concerned an employee who was having a difficult time in his working relationship with his line manager, and felt he was being treated unfairly. The employee put in an application to transfer to another area of the business, but this was refused.

The employee made a subject access request to see what his line manager had said about him at a meeting where transfer requests were discussed. This revealed that the line manager had made some disparaging remarks about the employee, most of which were opinions, although there was also a comment made about the amount of sick leave taken by the employee.

The employee complained about the remarks and asked for these to be removed from his personnel file. This was refused. The employee then contacted the ICO who advised him to request that a note was put on his personnel file to say he disagreed with the opinions of his line manager. The note was added by the employer. In addition, the employee challenged the sick leave and this did turn out to be a mistake, so the employer corrected the amount of sick leave on his file.

We can guess that the employee’s line manager had really not anticipated his remarks in the meeting ever being seen by the employee, but had he been trained and made aware of data protection requirements he may have acted differently.

The case study also brings us to an important ‘hot tip’ for employers, which is to think carefully about how and why data is held, and what format that data is held in. Sometimes, it may be best to have a telephone conversation or face-to-face discussion rather than written notes or emails. That said, written records can be really helpful in demonstrating that decisions have not been taken for unlawful reasons in the event of claims (such as an employee raising a claim in the Employment Tribunal that their transfer request was refused because they are disabled). Therefore, perhaps of more importance is to ensure staff are trained both in data protection principles and equality, so that records that are generated remain professional and are more likely to be helpful in the event they are disclosed under a subject access request.

You should note that the data protection legislation does allow for some data to be withheld if it meets certain criteria. Employees could not get hold of correspondence employers have made with solicitors (which is exempt by virtue of legal privilege), or where personal data is processed in connection with management forecasting or planning such as a staff redundancy programme before it is announced.

If you have received a subject access request, and you are unsure what data has to be disclosed, then you should seek advice.

If you would like to talk through a situation you are dealing with, or if you need advice on any aspect of employment law, please contact any member of the Pure Employment Law team (01243 836840 or [email protected]).

Please note that this update is not intended to be exhaustive or be a substitute for legal advice. The application of the law in this area will often depend upon the specific facts and you are advised to seek specific advice on any given scenario.
Share this article
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share on Reddit
  • Share by Mail
https://www.pureemploymentlaw.co.uk/wp-content/uploads/2019/02/Pure-Employment-Law-logo.jpg 0 0 Nicola Brown https://www.pureemploymentlaw.co.uk/wp-content/uploads/2019/02/Pure-Employment-Law-logo.jpg Nicola Brown2016-06-27 09:19:332017-11-23 15:15:04Subject access requests – what do we have to disclose?

Join our mailing list

* = required field
Mailing Lists


Recent Legal Updates

  • Can long Covid be a disability? 29th June 2022
  • Employer unfairly counted disability-related absences when dismissing 29th June 2022
  • Did an Employment Tribunal correctly award an uplift for failure to follow the ACAS Code in a sham redundancy case? 29th June 2022
  • Without prejudice negotiations – what is unambiguous impropriety? 29th June 2022
  • Does referring to a man’s baldness at work amount to sexual harassment? 25th May 2022
Link to: Contact Us

Any questions? Why not get in touch!

Our advice is always given in plain English without any waffle, and we focus on providing practical solutions to our clients’ problems.

Contact us

LEGAL INFORMATION

Pure Employment Law | 1 Little London, Chichester, West Sussex, PO19 1PH
[email protected] | Tel: 01243 836840

Pure Employment Law is the trading name of Pure Employment Law Limited, registered in England and Wales with company number 07134294 and whose registered office is 1 Little London, Chichester, West Sussex, PO19 1PH. Pure Employment Law Limited is authorised and regulated by the Solicitors Regulation Authority with registration number 533794. A list of the company’s directors is available for inspection at the registered office

DISCLAIMER

The information contained in this website is for general information purposes only. The information is provided by Pure Employment Law and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

Privacy Policy | Cookies Policy | Terms & Conditions | How to make a complaint | Sitemap

© Pure Employment Law 2022

Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies as defined in our cookie policy.

Accept Cookie Policy

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Google Analytics Cookies

These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.

If you do not want that we track your visit to our site you can disable tracking in your browser here:

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Other cookies

The following cookies are also needed - You can choose if you want to allow them:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Privacy Policy
Accept settingsHide notification only