ABSTRACT
Measuring holds many potential pitfalls. In many circumstances, things are measured because they are available and easy to measure.
I saw a recent outsourcing contract that had as one of its key metrics ‘the number of times a member of the public makes a “subject access” request under the Data Protection Act’. The UK Data Protection Act (in common with most legislation across the European Union) allows members of the public to ask organizations (public or private) to provide details of the enquirer’s ‘personal’ information. If the organization fails to do so, or is found to be operating outside a number of principles set out in the Act, the Information Commissioner can take the off ender to court. The use of a metric that looks at the number of subject access requests (as such enquiries are correctly termed) is pointless. The real issue is not the number of times someone expresses an interest in what information is held by an organization; the issue is whether or not they receive their personal information in the correct manner and in the right timescales.
