All law firms are data controllers under the Data Protection Act 1998 (DPA). Two recent decisions of the Court of Appeal highlight the risk that client information held by firms can be vulnerable to disclosure through subject access requests under the DPA. The cases are Dawson-Damer v Taylor Wessing LLP  EWCA Civ 74 and Deer v University of Oxford  EWCA Civ 121. But how great is this risk?
The risk arises when a DPA subject access request is directed to a law firm by someone who is not that firm’s client. The requestor only asks to see their personal data, but that information may well be held in the firm’s client files &ndash...
Continue Reading for less than 70p per day!
This article is part of our subscription-based access. Please pick one of the options below to continue.
Already registered? Login to access premium content