Breach details
| What | Failure to meet the requirements of section 7 of the Act. |
| How much | One complaint. |
| When | 21 July 2011 |
| Why | The Council failed to respond to a subject access request within the 40 days prescribed period. The Commissioner found that there were systematic failures to meet section 7. |
Regulatory action
| Regulator | Undertaking to comply with the sixth data protection principle |
| Action | ICO |
| When | 28th August 2013. |
| Details | The Council shall immediately set up clearly defined and managed procedures for dealing with subject access requests and provide staff with the appropriate training. This should include measures for the storage of paper records to ensure that subject access requests are responded to promptly and appropriately. |
Links
| View PDF of the Cardiff City Council Undertaking (Breach Watch Archive) |
| View PDF of the Cardiff City Council Undertaking (Via ICO Website) |
Follow Up
| The ICO conducted a follow up assessment on 7 March 2014 (published on 14 March). |
| View PDF of the Cardiff City Council Undertaking Follow Up (Breach Watch Archive) |
| View PDF of the Cardiff City Council Undertaking Follow Up (Via ICO Website) |