GDPR – ‘Manifestly Excessive and Unfounded’ Subject Access Requests

15 January 2021 | Eleanor Greenwell

In October, the Information Commissioner’s Office (ICO) updated sections of its Right of Access guidance; although the current principles still stand, the content is more detailed and descriptive.

This article focuses on one of the recently updated sections, ‘manifestly excessive and unfounded subject access request’. The ICO updated the content because many wanted to understand in more detail what the term ‘manifestly excessive and unfounded’ actually meant.

Unreasonable Request

Any employee has the right to make a subject access request about themselves. However, there will be instances when the request is deemed to be unreasonable on the grounds that it is manifestly excessive and unfounded.

The term ‘manifestly unfounded’ has been defined as not being genuine and with no real purpose. An example includes an employee intending to be vexatious. A vexatious employee would regularly pursue the business for information which is irrelevant, or which has already been investigated and found to be unfounded, or would simply want to harass the employer with no good cause.

The term ‘manifestly excessive’ means requesting a large amount of information or repeating previous requests, costing the business more time and money. The ICO has highlighted that if the employee is searching for information from a particular time, the employee should ask for data within a certain time period rather than request an excessive amount of information which is not relevant to their cause.

The controller could charge the employee a fee (at their discretion) to cover administration costs, such as those of supplying a large volume of information: for example, the cost of photocopying, postage, paper and envelopes. It is up to the employer to decide what is deemed a reasonable cost based on the time and materials spent to produce the data required.

With the above in mind, the employer could simply refuse to comply with the request on the basis that the information is ‘unfounded or excessive’. The controller should be able to demonstrate why to the employee (and to the ICO if it is pursued).

Should the employee wish to make a formal complaint to the ICO about the refusal, that is their choice, and the ICO will follow its own protocol to investigate whether the employer was unreasonable to decline the subject access request.

This article is for general information purposes only; should you require any further assistance on the matter, please do not hesitate to call our advice-line team on 01455 852028.
