The Information Commissioner has recently published guidance for businesses dealing with individuals’ requests to view information held about them under the Data Protection Act 1998 (“the Act”).

The guidance takes the form of a checklist, and is aimed at ensuring that requests for information under the Act (“subject access requests”) are dealt with promptly and appropriately.

The checklist works through a series of questions, starting with whether a request falls under the Act at all, and moving on to practical points such as the business’s ability to confirm the identity of the applicant, fee charging, information which needs to be omitted (such as information regarding other individuals) and the mechanics of sending a response.

The guidance can be found at