Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Jersey: JDPA issues formal reprimand to Customer & Local Services Department for access request failure

The Jersey Office of the Information Commissioner ('JOIC') published, on 14 April 2023, a public statement of the Jersey data protection authority ('JDPA'), as issued on the same day, in which the latter imposed a formal reprimand to the Customer & Local Services Department, Government of Jersey, for violations of Articles 8(1)(a), 14(1)(a), 14(1)(b), 27(1), and 28(3)(a) of the Data Protection (Jersey) Law 2018 ('the Law'), following an inquiry initiated in October 2020 by the JDPA.

Background to the public statement

In particular, the JDPA stated that the Customer & Local Services Department failed to respond appropriately and timely to two data subject access requests ('DSAR') to information held by it, failing to provide certain copies of the complainant's information to which they were entitled.

Findings of the JDPA

Further to the above, the JDPA found that, among other things:

  • the Customer & Local Services Department's records management function had significant failings and did not have appropriate resources or systems in place to be able to respond to the complainant's DSARs in an appropriate manner;
  • the initial searches in response to the DSARs were undertaken by a junior officer who lacked appropriate training and knowledge;
  • when the complainant raised concerns about the quality of the DSAR responses (including raising concerns about missing information and inappropriately applied redactions), such concerns were dismissed with little interrogation and the general interactions between the Customer & Local Services Department and the complainant in respect of these issues were poor and not well-managed; and
  • the Customer & Local Services Department showed insufficient appreciation of the significance of some of the problems arising from the processing of personal data which were the subject of the investigation and tended to minimise the effect the processing had on the data subject.

Outcomes

In conclusion, the JDPA highlighted that, if this had been a private sector entity, the JDPA would have considered the imposition of a significant fine in a case of this gravity. However, the JDPA specified that the Law sets out that the JDPA cannot issue administrative fines against public authorities and thus the only sanction available for consideration is the issuing of a formal reprimand. In light of the above, the JDPA issued the aforementioned reprimand and highlighted that the Customer & Local Services Department had 28 days to lodge an appeal before the Royal Court of Jersey.

You can read the public statement here.