Data protection act- Section 4 access request

[Jumpstartdublin]

does anyone know about requirement from data controller to require the requestor's postal address. The request is being made to a USA outlet shop in city and is being processed by their US based legal team. The requestor's provided identification proof and asked that she could collect the data material at the city branch. They said not permitted and must be sent by registered post.

 

[Thirsty]

Doesn't sound wholly unreasonable to me.

 

[Jumpstartdublin]

Not sure that they should request extra unnecessary data on a customer, when they don't require such from all their customers.

 

[Thirsty]

requesting proof of ID seems entirely reasonable - otherwise I could do a DAR on my next door neighbour. Also not unreasonable to send by registered post, particularly if it's sensitive data. In my view the data controller is being entirely prudent. I don't understand what the objection is?

 

[Branz]

The DC needs to be in control of the data from end to end so registered post seems a reasonable way to do this.
Whose Section 4 are we talking about here: Uncle Sam or our lot?

 

[Jumpstartdublin]

Confused that they will not allow collection. In a sensitive matter, one would not like them to know personal address. ID issue is wholly accepted and agreed

 

[Slim]

I'm going to assume that this relates to US company operating in Ireland? Therefore, Irish DP aw applies. There is nothing in the DPA about having to post the information. If it is a real issue for you, contact the Data Protection Commissioner and explain that the company is unfairly attempting to obtain your personal address.

 

[Jumpstartdublin]

After 10 attempts, the company agreed to allow collection at their Irish attorney's office. Expect the nudge from the DPA office helped them see the error of their ways.