subject access request vs
play

Subject Access Request vs Suspicious Activity Report Richard Field - PowerPoint PPT Presentation

May 15, 2023 •373 likes •626 views

Subject Access Request vs Suspicious Activity Report Richard Field www.aicp.im SARS & DSARS WHAT A DIFFERENCE A D MAKES Richard Field Partner, Appleby (Guernsey) LLP applebyglobal.com SARS & DSARs What a difference a

  1. Subject Access Request vs Suspicious Activity Report Richard Field www.aicp.im

  2. SARS & DSARS WHAT A DIFFERENCE A “D” MAKES… Richard Field – Partner, Appleby (Guernsey) LLP applebyglobal.com

  3. SARS & DSARs – What a difference a “D” makes…. Richard is a Partner in the Dispute Resolution team at Appleby, specialising in corporate, trust and commercial litigation and regulatory matters. His regulatory focus is on data protection, AML and compliance, technology and eGaming. Richard is one of the global leads for Privacy and Data Protection at Appleby and is the Guernsey lead for the firm’s Technology and Innovation practice group. He was described in the 2019 edition of Legal 500 as “comfortably Guernsey’s eminent data protection lawyer”. Richard has written and spoken about GDPR/privacy extensively, both in the Channel Islands and further afield, working on projects including guidance on Guernsey´s data protection regime, co-authoring a guide to the impact of Richard Field GDPR in the Channel Islands and contributing the Guernsey chapter to global law firms and legal subscription databases. Partner | Guernsey He has also provided input to STEP UK on their GDPR guidance for trustees and fiduciary office holders. +44 (0) 1481 755 610 He sits on the States of Guernsey´s GDPR Industry Working rfield@applebyglobal.com Party, is involved in working with the regulator on policy development and is both the chair of the Bailiwick’s Data Protection Association and a qualified GDPR Practitioner. applebyglobal.com 3 7 February 2020

  4. SARS & DSARs – What a difference a “D” makes…. Background • The privacy/public interest dichotomy • Changing landscapes • It won’t affect us, right…?! • Technology and related challenges • Begg v Refinitiv applebyglobal.com 4 7 February 2020

  5. SARS & DSARs – What a difference a “D” makes…. Background • Development of regulatory regimes: • Suspicious Activity Reports (SARs) • Data Subject Access Requests (DSARs) applebyglobal.com 5 7 February 2020

  6. SARS & DSARs – What a difference a “D” makes…. Background • SARs • Proceeds of Crime Act 2008 • Anti-Terrorism and Crime Act 2008 • Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 applebyglobal.com 6 7 February 2020

  7. SARS & DSARs – What a difference a “D” makes…. Background • SARs • Disclosure obligations • Suspicion (know/suspect/reasonable grounds)…. • engaged in activity • property is, or is derived from, proceeds of criminal conduct applebyglobal.com 7 7 February 2020

  8. SARS & DSARs – What a difference a “D” makes…. Background • DSARs • Data Protection Act 2018 • Data Protection (Application of GDPR) Order 2018 • GDPR and LED Implementing Regulations 2018 • Right of access – Article 15 Applied GDPR • Confirmation whether processing • Reg. 43 information • A copy of the personal data • Further copies applebyglobal.com 8 7 February 2020

  9. SARS & DSARs – What a difference a “D” makes…. Background • DSARs • Free (initially) • Response within one month, possible extension up to two months • Limits on right of access • Third party rights (Sch. 9, para 8 Implementing Regulations) • Exemptions (Reg. 44 and Sch.9, para 1 of the Implementing Regulations – tax and crime information – “ likely to prejudice ”) applebyglobal.com 9 7 February 2020

  10. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • HM Treasury guidance (old) • Consider on a case by case basis • Cause prejudice to investigation • Many years ago • Referred to in existing criminal case • JMLSG guidance (also old) • Can take confidential nature into account • MLCOs retain control over process • Consider under new law…. applebyglobal.com 10 7 February 2020

  11. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The Facts • L is a pub-owning barrister, interests in various companies • L had seven accounts with Bank (including sole and joint, business and personal) • Bank froze one account March 2017 • Bank froze all accounts December 2017 and SAR made to NCA • L applied for interim access • Bank unfroze the accounts, 60 days’ notice of closure applebyglobal.com 11 7 February 2020

  12. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The Facts • L submitted DSAR January 2018 seeking “ disclosure of all documents, including electronic documents ” re: decisions to freeze the accounts and to reopen them • Response to DSAR – February 2018, 4 pages of information, unspecified exemptions relied on • L brought claims under DPA, breach of contract and defamation, alleged Bank never had genuine suspicion (para 56) • Bank’s Defence referred to SARs and argued disclosure would amount to tipping off; express contractual and/or implied term re failure to transact applebyglobal.com 12 7 February 2020

  13. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • Disclosure sought under DP regime and CPR (civil procedure) • Data defences • information including decisions to freeze/reopoen accounts is not personal data • exempt • mixed data • not obliged to disclose internal decision making, identities of individuals, etc. applebyglobal.com 13 7 February 2020

  14. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The Decision • Summary judgment application from Bank, disclosure and summary judgment application from L • Various issues not appropriate for summary judgment, including DP issues • Court said Bank’s view of DP position was “flawed” applebyglobal.com 14 7 February 2020

  15. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The Decision • Citing Ittihadieh v 5-11 Cheyne Gardens RTM Co Ltd : • whether data relates to a living individual; and • whether the individual is identifiable from those data • Citing Edem v Information Commissioner (approving ICO’s then guidance) • whether data is “obviously about” an individual • “clearly linked to” an individual and used for the purposes of determining or influencing how the individual is treated • “biographical significance” only kicks in if the above are not met applebyglobal.com 15 7 February 2020

  16. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The Decision • Details of dates, places and content of meetings might be caught (if his accounts were the focus) • Data processed to determine whether to freeze the accounts and/or make a SAR are processed to determine an action in respect of L • Third party (mixed) data issue to be left to trial, inappropriate for summary judgment • DPA claim is for information, NOT documents….! applebyglobal.com 16 7 February 2020

  17. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The Decision • No evidence of prejudice, nor of disclosure breaching confidence • Defamation not suitable for summary determination; qualified privilege would ordinarily apply re bank/NCA communications • Inspection under CPR – not unqualified, discretion re proportionality, fair disposal of case and related matters • Relevant to issues in dispute, disclosure ordered - 14 days for NCA to apply to vary the Order applebyglobal.com 17 7 February 2020

  18. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The upshot…. • Not as problematic as it seems • Settled, so no determination on the wider points • DP regime defences not ruled out • Mixed data still an issue • “protective” SARs not encouraged • Human intervention important, not just automated alerts applebyglobal.com 18 7 February 2020

  19. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The upshot….. • SARs relevant to disposal of claim re suspicion • Confidentiality - 16 and 7 months respectively enough to persuade Court to order disclosure • Intervening period may reduce/eliminate “prejudice” to individual • Review terms and conditions, exclude liability for losses caused by failure to transact applebyglobal.com 19 7 February 2020

  20. SARS & DSARs – What a difference a “D” makes…. Lonsdale v National Westminster Bank plc • The upshot….. • Record retention • Consider evidence regarding “tipping off” • Order to disclose, 14 day period for NCA to apply applebyglobal.com 20 7 February 2020

  21. SARS & DSARs – What a difference a “D” makes…. Isle of Man position • No equivalent case yet • Likely to follow English position • Disclosure obligations • DP obligations - GDPR • Guidance…? applebyglobal.com 21 7 February 2020

  22. SARS & DSARs – What a difference a “D” makes…. Practical steps • Policies • Record keeping • Careful drafting of SARs • Understand the DP implications • Use exemptions • Speak to FIU • Take advice where you’re unsure applebyglobal.com 22 7 February 2020

  23. SARS & DSARs – What a difference a “D” makes…. Any questions? applebyglobal.com 23 7 February 2020

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Example Instantiation: Multics 11 rules affect rights: set to request, release access

Example Instantiation: Multics 11 rules affect rights: set to request, release access

Example Instantiation: Multics 11 rules affect rights: set to request, release access set to give, remove access to different subject set to create, reclassify objects set to remove objects set to change subject

1.33k views • 68 slides
Subject Representation and Access Subject Analysis and Access (SAA) Section Presenters: Andreas

Subject Representation and Access Subject Analysis and Access (SAA) Section Presenters: Andreas

Multicultural Issues and Awareness in Subject Representation and Access Subject Analysis and Access (SAA) Section Presenters: Andreas Oskar Kempf, National Library of Economics, Germany Athena Salaba, Kent State University, USA Session 155:

220 views • 17 slides
Request Documents for Research Identifiable Data Requests: Request Letter 2/7/13 Presented by

Request Documents for Research Identifiable Data Requests: Request Letter 2/7/13 Presented by

Request Documents for Research Identifiable Data Requests: Request Letter 2/7/13 Presented by Sarah Brunsberg ResDAC Technical Advisor Overview of RIF Request Process Access to RIF data requires a formal data request to CMS A request,

239 views • 7 slides
(DARS) September 2019 Fran Hancox, DARS Case Officer DATA ACCESS Data Access Request Service

(DARS) September 2019 Fran Hancox, DARS Case Officer DATA ACCESS Data Access Request Service

Data Access Request Service (DARS) September 2019 Fran Hancox, DARS Case Officer DATA ACCESS Data Access Request Service (DARS) NHS Digital works under legislation, including Health and Social Care Act 2012 Care Act 2014

623 views • 21 slides
REQUEST FOR PROPOSAL (RFP) 013/2015 July 27, 2015 A. RFP no. and Date: B. Subject:

REQUEST FOR PROPOSAL (RFP) 013/2015 July 27, 2015 A. RFP no. and Date: B. Subject:

REQUEST FOR PROPOSAL (RFP) 013/2015 July 27, 2015 A. RFP no. and Date: B. Subject: Purchase of Training Courses for ARTC C. Issuing Office/Section: USAID RDMA, Executive Office 25 th Fl, Athenee Tower 63 Wireless Road, Bangkok 10330,

338 views • 4 slides
Dynamic request allocation and scheduling for context aware applications subject to a percentile

Dynamic request allocation and scheduling for context aware applications subject to a percentile

Dynamic request allocation and scheduling for context aware applications subject to a percentile response time SLA in a distributed cloud Keerthana Boloor , Rada Chirkova , Tiia Salo and Yannis Viniotis Department of

526 views • 19 slides
London Police Service 2020 - 2023 Multi-Year Budget (Subject to London Police Services Board

London Police Service 2020 - 2023 Multi-Year Budget (Subject to London Police Services Board

London Police Service 2020 - 2023 Multi-Year Budget (Subject to London Police Services Board Approval) 2020 Request 2021 Request 2022 Request 2023 Request 2019 Net 2020 - 2023 Service Revised Net Increase/ Budget (Decrease) Expense

326 views • 3 slides
CBM and Bill Presentation Quick Reference How do I get access to CBM? How do I get access to

CBM and Bill Presentation Quick Reference How do I get access to CBM? How do I get access to

CBM and Bill Presentation Quick Reference How do I get access to CBM? How do I get access to Bill Presentation? You need to work with your Access Request If you have any kind of Finance access Coordinator to get access to CBM. (besides buying

306 views • 4 slides
Mul$lingual subject access and classifica$on-based browsing through

Mul$lingual subject access and classifica$on-based browsing through

Mul$lingual subject access and classifica$on-based browsing through authority control: the experience of the ETH-Bibliothek Jiri Pika UDC Editorial

595 views • 31 slides
1 - - . ' / .. - ~ ... - _ ~ Request for Access to documents ? 3 HOME A2 - 2016

1 - - . ' / .. - ~ ... - _ ~ Request for Access to documents ? 3 HOME A2 - 2016

Ref. Ares(2016)6009385 - 19/10/2016 1 - - . ' / .. - ~ ... - _ ~ Request for Access to documents ? 3 HOME A2 - 2016 Transparency policy HOME A2 - 2016 4 2 ~ SG . ' , __ _ __ Un_it A2 . ; - .. Competent Unit -------------

1.21k views • 44 slides
Access Improvements Motion No. M2020-20 3/12/2020 Why we are here M2020-20 : Request

Access Improvements Motion No. M2020-20 3/12/2020 Why we are here M2020-20 : Request

Puyallup Station Parking and Access Improvements Motion No. M2020-20 3/12/2020 Why we are here M2020-20 : Request approval for Sound Transit to execute a Development Agreement with the City of Puyallup Inform decision on M2020-20 by

279 views • 9 slides
Summary What now? Getting access to ARCHER Standard research grant Request Technical

Summary What now? Getting access to ARCHER Standard research grant Request Technical

Summary What now? Getting access to ARCHER Standard research grant Request Technical Assessment using form on ARCHER website Submit completed TA with notional cost in Je-S Apply for time for maximum of 2 years ARCHER Resource

301 views • 9 slides
Mission and Services DLAs mission is to enhance the accountability of State and local

Mission and Services DLAs mission is to enhance the accountability of State and local

January 31, 2020 To: Joint Committee on Appropriations From: Marty Guindon, Auditor General Subject: FY2021 budget request for the Department of Legislative Audit This memorandum provides a summary of the budget request for the Department of

268 views • 6 slides
Provide, to Council, a weekly summary of all requests received and the status of each request. 03

Provide, to Council, a weekly summary of all requests received and the status of each request. 03

11111\ RE GIO NA L '-. tJP o MUNICIPALITY Council Policy Fwooo BuFFALO Policy Name: Council Presentation Request Policy Policy No .: LEG-110 Effective Date: October 25, 2011 STATEMENT: Where the subject matter falls within the mandate of

394 views • 4 slides
School of Law 1 Access to the programme is subject to application. An application form can be

School of Law 1 Access to the programme is subject to application. An application form can be

School of Law 1 Access to the programme is subject to application. An application form can be downloaded on the Website of the University of Cergy-Pontoise : http://droitucp.enbeta.fr/droit-llm GENERAL PRESENTATION Presentation of the

467 views • 14 slides
Access to the programme is subject to application. An application form can be downloaded on the

Access to the programme is subject to application. An application form can be downloaded on the

School of Law Access to the programme is subject to application. An application form can be downloaded on the Website of the University of Cergy-Pontoise. www.u-cergy.fr Sections: Etablissement, UFR Droit, International, Studying Law at UCP. 1

297 views • 14 slides
Network Attacks & Control CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen,

Network Attacks & Control CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen,

Network Attacks & Control CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca

538 views • 36 slides
Media Briefing 13th November 2020 #GuernseyTogether Gov.gg/coronavirus COVID-19 New cases in

Media Briefing 13th November 2020 #GuernseyTogether Gov.gg/coronavirus COVID-19 New cases in

Coronavirus Media Briefing 13th November 2020 #GuernseyTogether Gov.gg/coronavirus COVID-19 New cases in the Negative Positive Awaiting Results Bailiwick 21,831 282 79 Since we started Phase 5c on Wednesday 28th October we have

118 views • 10 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 17: Network

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 17: Network

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 17: Network Security Chapter 17: 2 Agenda Net adversary TCP attacks DNS attacks Firewalls Intrusion detection Honeypots Chapter 17: 3

792 views • 62 slides
Mnemonic Devices Can Exemplar Case Make you a Better Clinician! Ms J is a 57 yo

Mnemonic Devices Can Exemplar Case Make you a Better Clinician! Ms J is a 57 yo

Finding the Sweet Spot Disclosures When Caring for Vulnerable Patients While I am a deeply conflicted person, I have no conflicts of interest to disclose Dean Schillinger MD, UCSF Professor of Medicine in Residence Chief, Division of

282 views • 9 slides
BIND Part 2 pschiu Computer Center, CS, NCTU BIND Configuration named.conf view (1) q The

BIND Part 2 pschiu Computer Center, CS, NCTU BIND Configuration named.conf view (1) q The

BIND Part 2 pschiu Computer Center, CS, NCTU BIND Configuration named.conf view (1) q The "view" statement Create a different view of DNS naming hierarchy for internal machines Restrict the external view to few well-known

753 views • 62 slides
BIND configuration Computer Center, CS, NCTU BIND BIND the Berkeley Internet Name

BIND configuration Computer Center, CS, NCTU BIND BIND the Berkeley Internet Name

BIND configuration Computer Center, CS, NCTU BIND BIND the Berkeley Internet Name Domain system Main versions BIND4 Announced in 1980s Based on RFC 1034, 1035 Deprecated in 2001 BIND8 Released in 1997

765 views • 72 slides
Exelon Corporation (EXC) Jack Thayer, Sr. Executive Vice President and CFO Wolfe e Res esea

Exelon Corporation (EXC) Jack Thayer, Sr. Executive Vice President and CFO Wolfe e Res esea

Exelon Corporation (EXC) Jack Thayer, Sr. Executive Vice President and CFO Wolfe e Res esea earch ch Power er & Ga & Gas Lea eade ders Confer eren ence ce September 18, 2014 Cautionary Statements Regarding Forward-Looking

112 views • 8 slides
Active Power Balance and Inertia Response Laura Ramrez Elizondo Learning Objectives How

Active Power Balance and Inertia Response Laura Ramrez Elizondo Learning Objectives How

Active Power Balance and Inertia Response Laura Ramrez Elizondo Learning Objectives How is frequency control implemented in power systems? What is active power balance? What is the role of inertia in frequency control?

841 views • 8 slides

More recommend