Data Protection Act 1998: Guidance for Cabinet Office Staff
Standards and Best Practice Handbook for Government Departments
6. Repeated Subjects Access Requests
Issue
Section 8(3) of the DPA
provides that:
“Where a data controller has previously complied with a request made under
section 7 by an individual, the data controller is not obliged to comply
with a subsequent identical or similar request under that section by that
individual unless a reasonable interval has elapsed between compliance with
the previous request and the making of the current request.”
2. Factors to be taken into account in determining what is a “reasonable
interval” in any case are laid down in section 8(4) of the DPA.
3. The issue is whether there is any scope in section 8(2)-(4) or elsewhere
in the DPA to exempt a data controller from the obligation to provide
permanent copies of personal data where multiple similar and repeated
applications are made by an individual.
Standards
4. Departments should only refuse to comply with repeated subject access
requests where it is clear that no significant changes will have taken
place since the previous request, and that the subject can reasonably be
expected to be aware of that fact.
Recommended best practice
5. Section 8(3) of the DPA cannot be taken to exempt a data controller from
complying with a request under section 7 of the DPA where an individual has
made only one request, even where the request is possibly one of many such
requests made at the same time.
6. There may be scope for invoking section 8(2)(a) of the DPA to exempt a
data controller from providing a copy of the information in permanent form
where to do so would involve disproportionate effort due to the large
number of identical or similar requests received by the data controller at
the same time. In such circumstances arrangements should be made to allow
those making requests to obtain or view the information in some other form.
7. In determining what constitutes disproportionate effort, departments
should take account of the factors given by the Information Commissioner in
her legal guidance.
Data Protection Handbook [PDF, 710KB]
[Top]
