What does readily retrievable mean?

Individuals have a right to have you confirm whether you hold personal information about them, and to have access to this information, where the personal information is ‘readily retrievable’.

There are a number of things to consider when determining whether information is readily retrievable, including the amount of time and cost required to retrieve the information, when the information dates from, and the manner in which the relevant information is stored.

A lot of information is technically 'retrievable', but this isn’t necessarily the same as being ‘readily’ retrievable. For instance, even if information has been deleted from a computer, it can often be retrieved. Doing so, though, is often difficult, is a specialist job, and can be very costly. The results may also be imperfect, particularly if the information has been deleted some time ago.

It may also be difficult to retrieve physical documents, particularly if they date back a long way and the records of where the information is stored are not clear. Agencies need to try their best to get information for requesters, but there is only so far that they can reasonably be required to go.

Agencies that cannot retrieve information do not necessarily escape liability, though. Agencies need to have good information storage systems that enable them to retrieve information when it is needed. If information, which should be readily retrievable, isn’t (because the information has been lost or misfiled for example) this may be in breach of the agency’s obligation to keep personal information secure.

(Updated November 2020)