(Data Subject Access Request)
Under UK law, individuals (Data Subjects) have the right to obtain all 'Personal Information' held by a Firm, Body, Organisation, Regulator etc. (Data Controllers). I have constructed, with advice from various Counsel, a template 'Data Subject Access Request'. Download, customise accordingly and send to the Data Controller from which you want your 'Personal Information'.
ICO GUIDANCE TO DATA CONTROLLERS
"Access to information held in complaint files"
I have found that Data Controllers across the spectrum of industries and sectors will particularly seek to withhold 'Personal Information' they have that is relevant to a complaint that an individual (Data Subject) has made. Indeed, it will likely contain information they most definitely don't want you to see. However, it is all information relevant to YOU and YOUR complaint, and the Data Controller's forming of an opinion about YOU, and relevant to the way in which they propose to treat YOU. It is therefore YOUR 'Personal Information' and they must disclose it. This file is the ICO guidance for firms specific to 'Complaints Files'. Refer to it if the Data Controller seeks to withhold any such information from you.
LLOYDS BANKING GROUP LETTER
(LBG define 'Personal Information')
I am repeatedly finding that Banks and large firms are, on an industrial scale, withholding 'Personal Information' of individuals. This letter was sent to me by Lloyds Banking Group and helpfully confirms their understanding of that which constitutes 'Personal Information'. Feel free to use this in the event that LBG, or any other bank, firm or body seeks to apply an interpretation of data law that is not consistent with this understanding. If this is included within LBG's definition of 'personal Information' it must be specific to UK Data Law and therefore within the definition for all Data Controller's.