Dealing with subject access requests (“SAR”s) under the Data Protection Act 1998 is becoming a regular occurrence for many organisations, particularly banks and their advisors. Processing such requests can take up significant manpower and the costs can be substantial. Whilst designed to allow individuals to access personal data, determine its source, why it is held and who it is shared with, in reality SARs are frequently being used as a fishing exercise for prospective litigation and complaints against institutions such as banks. The recent case of
Dealing with subject access requests (“SAR”s) under the Data Protection Act 1998 is becoming a regular occurrence for many organisations, particularly banks and their advisors. Processing such requests can take up significant manpower and the costs can be substantial. Whilst designed to allow individuals to access personal data, determine its source, why it is held and who it is shared with, in reality SARs are frequently being used as a fishing exercise for prospective litigation and complaints against institutions such as banks. The recent case of