ICO Updates Standards for Subject Access Requests in the Care System
People in the U.K. care system are too often prevented from seeing their records, Information Commissioner John Edwards said Tuesday in updated standards on responding to subject access requests.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The DPA's work with those who have care experience "has revealed systemic challenges" that risk harming people trying to access their records, he said. They're often met with "cold bureaucracy, no compassion and long delays."
It's not only those accessing their records who are frustrated, Edwards noted. Frontline staff at local authorities, health and social care trusts and other organizations are trying to get the process right but lack resources and clear guidance on how to respond to requests within the statutory timeframe.
The revised standards cover how to create and look after care records, help people access their records, provide them when requested and improve internal systems to deal with the information. "Technology can also help here," Edwards said. "I encourage you to explore the potential for AI and other technologies to responsibly support requests for records and help gather answers to questions."
The office will focus its regulatory priorities on cases where there are consistent, long delays to access requests and an absence of measures to reduce harm and prevent delays, the ICO said. In deciding what action is appropriate, it will consider the extent to which an organization has applied the care records standards, it added.