Dealing with a Subject Access Request can cause many headaches for HR managers and involve a huge amount of working time deciding on what should and should not be disclosed, particularly where the data identifies third parties. To assist this process, the Information Commissioner’s Office has published a guide for organisations on how to disclose information safely by removing personal data from information requests and datasets. The guide provides a useful summary of the legal principles and provides examples of common types of inappropriate disclosures that the ICO has seen. The Guide is not limited to SARs but is also relevant to public authorities responding to a freedom of information request and/or those proactively publishing data as part of a publication scheme or otherwise making data available. A copy of the guide can be found here.