ICO guidance on data subject access requests
The ICO has issued new guidance on data subject access requests (DSARs), a subject which apparently takes up a lot of its time in complaints. It clarifies some important points where there is obviously uncertainty amongst employers, including that:
- You need to respond to a DSAR even where someone has entered into a settlement agreement; the person cannot validly waive their information rights.
- You need to respond to a DSAR even if you have complied with disclosure obligations in litigation.
- A search may have to be carried out across social media channels used for business purposes, such as Teams, WhatsApp, Twitter.
- Whilst it is permissible to ask a subject to clarify their request, you should only do this if clarification is genuinely needed and you process a lot of information about the worker.
The guidance gives helpful examples of when business emails might contain personal information and how, where third-party data is also involved, an exercise of assessment and redaction will have to be carried out.
Guidance on the menopause from the British Standards Institute
The British Standards Institute has produced some comprehensive guidance for employers navigating issues to do with the menopause and menstrual health. This is likely to be useful for benchmarking purposes when drafting policies, also when considering workplace adjustments. It should be read alongside the Acas guidance on the menopause. The BSI guidance contains suggestions about how adjustments may be made to the workplace or working routine to accommodate employees experiencing symptoms of the menopause, for example, relaxing uniform rules, changing working patterns and providing access to fans or cooler spaces. Any training provided to managers on how to deal sensitively with such issues should highlight this as an educational and practical resource.