Ms Jennifer O'Sullivan:

In terms of access requests and the complaints we receive about them, a significant proportion relate to the one-month deadline being missed and a further significant proportion would be on the completeness of the information provided. We can give the Deputy a breakdown of the figures.

In terms of the length of time between the DPC receiving a complaint and initiating activity, the Deputy is right that speed partly depends on the level of resources that we can apply. As resources are increased the time shortens.

We are tracking that performance measure very carefully and seeing a slight reduction in it.

Further to the question asked by Deputy Jack Chambers, and the response given by my colleague, Ms Morgan, the question of funding and resources relates to the level at which we can simultaneously handle complaints and enforce. Certain finite parts of each process need to be run through. Certainly, we could do more simultaneously if we had more resources. The Deputy's question related specifically to the length of time that passes between the receipt of a complaint and the initiation of an investigation. When we receive a query, concern or complaint from an individual, we check if the issue relates to data protection to ascertain whether it is within our competence. After that has been assessed, generally we seek initially to resolve the matter amicably between the individual and the organisation. Access requests, in particular, tend to turn on their own facts. By intervening and engaging with the data controller and the individual, we can quickly achieve a vindication of the individual's rights and ensure that through our intervention, he or she receives the full set of data he or she is seeking from the data controller. It is not the case that each complaint ultimately ends up as an investigation. That is particularly true in the case of access requests if it seems like the issue is specific to the case. A small proportion would reach a statutory basis like that. Ms Morgan might follow up on this. When we achieve amicable resolution of a specific case, we always examine the issue in general with the data controller. The achievement of an amicable resolution in a given case does not preclude us from continuing to examine the issue in a more systemic way. Ms Morgan has more to say about amicable resolution in general.