An increasingly common tactic in employment disputes is for the employee to request access to their personal information from the employer under the Data Protection Act 1998 (the "DPA"). Such a request is known as a subject access request ("SAR").
The fact that there is anticipated or ongoing litigation between the parties doesn't, in itself, provide an exemption from responding to SARs, notwithstanding that the courts have separate procedures for the recovery of documents. The data protection watchdog (the "ICO") advises that a failure to respond to a SAR in such circumstances will, unless an exemption applies, constitute a breach of the DPA.
However, the ICO goes on to note that the courts may be reluctant to exercise their discretion under the DPA to order disclosure of information where it is clear the purpose of the request is to fuel separate legal proceedings or where court rules for recovery of documents would be a more appropriate route to obtaining such information. The ICO will also consider such matters in deciding whether to raise enforcement proceedings.
This leaves employers in a difficult position when it comes to responding to SARs in the context of litigation, particularly where the SAR in question is a thinly disguised shopping list of documents required for the litigation. Do they respond to the request and potentially disclose information which a court would not have otherwise required them to provide, or do they refuse and risk the possibility of enforcement action from the ICO? The more the request looks like a "fishing exercise", the more understandable it would seem to "not publish and be damned", although the ICO's guidance hardly gives a clear green light to adopt such a stance.