Data Protection Policy: Access to Data
The purposes for which SOAS processes personal data and the types of data processed for each purpose have been registered with the Information Commissioner. Details of SOAS's registration are contained in the Information Commissioner's Register of Data Controllers.
The Data Protection Act gives data subjects the right of access to personal data which SOAS holds about them. Anyone who wishes to exercise this right should apply in writing to the Information Compliance Manager. SOAS charges a fee (currently £10.00) for each Data Protection request, and requires proof of identity to prevent the unlawful disclosure of personal data. For further information about how to submit a request (including the form to use) and how requests are processed, see Requesting Access to Personal Data.
SOAS will respond to subject access requests as quickly as possible, and is required by law to respond within 40 days of receipt of the request, fee and proof of identity. In some cases, SOAS may not release information because the data are subject to exemptions under the Data Protection Act, or doing so would release personal data relating to other individuals. See Requesting Access to Personal Data for further information about the circumstances in which SOAS may not release data.
If the requested data are located and can be released, the data subject will normally be provided with the information in permanent form on paper: e.g. as a printout, photocopy, transcript or transcription.
The Freedom of Information Act does not give individuals any right of access to data relating to themselves. Where a Freedom of Information request requires access to data relating to the person making the request, he/she will be asked to re-submit the request to SOAS as a Data Protection Act request. For further information on how to submit a Freedom of Information Act request and how SOAS processes requests, see Submitting a Freedom of Information or Environmental Information Request.
Staff who receive a request which they believe to be a request for data under the Data Protection Act should pass the request on to the School's Information Compliance Manager as soon as possible (see Data Protection Contacts). It is advisable to pass on all requests where the individual seeks information about themselves, even if they do not mention the Data Protection Act, unless the request is for information which would normally be released as a matter of routine (e.g. requests for transcript are dealt with by the SOAS Registry). Under no circumstances should staff deliberately alter, conceal or destroy data which has been the subject of an access request in order to prevent the release of the data (see Retaining Data).
Last updated December 2007
