Meant to cover this earlier. Ryan Costello of ProSearch recently wrote about the UK’s new requirement for messaging and social media in SARs and DSARs!
The article (A Right Twist – The UK’s New Requirement for Messaging and Social Media in Subject Access Request Responses, available here discusses how, of the individual rights afforded by the UK’s version of the General Data Protection Regulation, the data subject access request, or DSAR/SAR, has been the most widely exercised and most controversial. Access requests from present and former employees, in particular, have troubled many organizations for some time, given the broad scope (e.g., documentation, emails, files) and contentious nature of many employee DSARs, which are often rooted in a human resources-related issue.
In late May 2023, the Information Commissioner’s Office (ICO) issued updated guidance on access requests, confirming that social media and messaging data are well within the scope of DSARs and must be collected, searched and disclosed pursuant to these requests. That means Facebook, WhatsApp, Twitter and chat channels on Slack and Microsoft Teams.
So, what do you think? Were you aware of the UK’s new requirement for messaging and social media in SARs and DSARs? You are now! Please share any comments you might have or if you’d like to know more about a particular topic.
Disclosure: ProSearch is an Educational Partner and sponsor of eDiscovery Today
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.