Summary
In the UK, if a chief executive finds that a director has edited or deleted a Subject Access Request (SAR), they should document the incident, inform the Data Protection Officer (DPO), assess the breachs impact, and report it to the Information Commissioners Office (ICO) within 72 hours if necessary. Breaches posing a risk to individuals rights and freedoms must be reported to the ICO. If a data subject discovers their SAR has been edited or deleted, they should contact the DPO, request an explanation, and report to the ICO if unsatisfied. Routine HR support does not fall under legal privilege unless related to legal advice or litigation. Communications before litigation must meet specific criteria to qualify for litigation privilege. If communications are withheld in a SAR, the data subject should contact the organization, request clarification, and report to the ICO if needed.Full Conversation
If a chief executive finds a director has edited or deleted a SAR what should they do?
In the UK, if a chief executive finds that a director has edited or deleted a Subject Access Request (SAR), they should:
- Immediately document the incident.
- Inform the Data Protection Officer (DPO) or equivalent.
- Assess the breach's impact on data subjects.
- Report the breach to the Information Commissioner's Office (ICO) within * hours if necessary.
Where are you located in the UK for more specific guidance on reporting?
What breaches need to be reported to ICO?
In the UK, breaches that need to be reported to the Information Commissioner's Office (ICO) are those that pose a risk to the rights and freedoms of individuals. Examples include:
- Loss of personal data.
- Unauthorised access to personal data.
- Accidental or unlawful destruction of personal data.
- Data theft.
Where are you located in the UK for more specific guidance on reporting?
London
If you're in London and need to report a data breach to the Information Commissioner's Office (ICO), here's the contact information:
Information Commissioner's Office
Phone: * * *
Website: www.ico.org.****Do you need guidance on how to document the breach or any other assistance?
What does the data subject do on discovering the editing of a SAR?
In the UK, if a data subject discovers that their Subject Access Request (SAR) has been edited or deleted, they should:
- Contact the organization’s Data Protection Officer (DPO) or equivalent.
- Request an explanation and a copy of the original SAR.
- Report the issue to the Information Commissioner's Office (ICO) if unsatisfied with the response.
Is there anything else you need help with regarding this issue?
Does routine hr support for an employer where their may be grievances come under legal privilege or litigation privilege?
In the UK, routine HR support involving grievances generally does not fall under legal privilege or litigation privilege unless it is directly related to obtaining legal advice or is part of ongoing litigation.
Would you like more detailed information on legal privilege or have other questions regarding HR matters?
Litigation has since started but at least 7 months after
In the UK, once litigation has commenced, communications and documents created for the purpose of litigation may fall under litigation privilege. This includes documents and communications specifically prepared for use in legal proceedings.
~Information Commissioner's Office
Phone: * * *
Website: www.ico.org.****
Would you like more information on how litigation privilege applies to your situation?
They were communications before litigation
In the UK, for communications made before litigation to qualify for litigation privilege, they must meet certain criteria:
- The communication or document must have been made with the dominant purpose of being used in the litigation.
- Litigation must be in reasonable contemplation at the time.
Would you like more information on how to establish if litigation was in reasonable contemplation?
Yes
In the UK, to establish if litigation was in reasonable contemplation, consider the following:
- **Nature of the Dispute**: Assess if the dispute had escalated to a point where litigation was a probable outcome.
- **Communication Content**: Review if the communication indicates preparation for potential litigation.
- **Actions Taken**: Consider steps taken by the parties that suggest litigation was being anticipated.
Would you need help with examples or any specific case details?
When being withheld in a SAR how does the data subject get these communications?
In the UK, if a data subject's communications are being withheld in response to a Subject Access Request (SAR), they can take the following steps:
- **Contact the Organization**: Reach out to the Data Protection Officer (DPO) or equivalent to request the specific communications.
- **Request Clarification**: Ask for an explanation of why the communications are being withheld.
- **Report to ICO**: If unsatisfied, report the issue to the Information Commissioner's Office (ICO).
Would you like more details on how to contact the ICO or any other assistance?
TRY ME!
Start a new chat