Getting information – SAR
The Information Commissioner (ICO) is an independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
You can ask an organisation to supply you with copies of both paper and computer records and related information. Organisations may charge a fee of up to £10 to process your request.
To obtain the historical data held about you by an organisation, you need to send a Subject Access Request (SAR).
You can send a SAR to anyone who holds information about you, such as an ex-employer, an academic institution, the DWP, etc. On this page, we will concentrate mainly on banks and creditors.
A SAR should be sent by recorded delivery so it can be tracked on the Royal Mail website. Enclose a cheque or PO for £10 to cover the statutory maximum fee.
The organisation should respond to a SAR within 40 calendar days from the day they receive the request and fee.
Companies may ask for further information to be able to identify you and/or locate your details, it is generally OK to provide this information to avoid delay.
You may wish to send a Subject Access Request if:
Most banks will only send data and statements for the last six years.
You can send a SAR for a closed account, but they may not be able to locate any data if the account was closed over six years ago.
If your account has been assigned or passed on to a debt collector, they will not have obtained any of the data regarding your account. You need to send the SAR to the original lender (bank or credit card company). There are times when you may wish to send a SAR to a debt purchaser, for example, if you have been making payments directly to them and want to obtain their records.
If the company does not reply within 40 days, you can write to them. Wait a few more days before writing. Attach a printout of the receipt from the Royal Mail website to your letter if possible.
If the company has not supplied all the statements and data held about you, you should send the following letter, providing as much detail as possible.
Complain to the ICO
If the bank or other company has not responded or their response is unsatisfactory, you can complain to the ICO. The ICO will expect you to have followed certain steps before you complain to them:
If, after following those steps, the company:
You can complain to the ICO: