On 21 September 2020 the Information Commissioner’s Office (ICO) published detailed guidance on how organisations should respond to data subject access requests (DSARs). The new guidance supplements the ICO’s “in brief” guidance on DSARs and is intended to provide users with a deeper understanding of how to apply the right of access in practice.
In a welcome decision for employers, the Supreme Court has ruled that an employer was not vicariously liable for a significant data breach committed by a disgruntled employee.
The Court of Appeal has provided welcome guidance for data controllers in cases concerning mixed data.
An employer must only conduct a proportionate search, and give a proportionate response, to data subject access requests it receives.