RE: Data Protection - who owns the record by Ibrahim - written 26/05/2010 11:50:55

Hi wendy

the pct is the data controller if it controls or has access to the records. It does not have to own it to have to answer subject access requests.
Wendy Harrison wrote (19/05/2010 11:44:25):

In a situation where an independent provider of health services is closed and a PCT takes over the running and provision of services, who is then legally responsible for the records of staff who were previously dismissed by the independent provider? Personnel records are still on site but what are the legal implications if a subject access request is received for information relating to dismissal from an ex member of staff who has never been employed by the PCT? As the data is still on site, does the PCT now 'own it' and can it be released (subject to 3rd party checks etc) to the data subject? Your thoughts are appreciated, kind regards, Wendy