The body responsible for law and order in Guernsey has been given a formal reprimand for breaking the island’s data protection regulations.

The Office of the Data Protection Authority has given the Committee for Home Affairs a formal reprimand after the latter delivered a data request 71 days after a legal deadline had passed, and nearly six months after the initial request had been made.

According to the ODPA, ​on 30 January last year, Home Affairs received a request from a member of the public for copies of the personal data held on them by the Family Proceedings Advisory Service. 

Home Affairs requested an extension to the original 30 day response deadline – giving the Committee a new deadline for replying by 30 April.

That new deadline was not met by Home Affairs, with the complainant receiving “a series of disclosures of personal data” up until 28 May 2025.

On 20 June 2025, Home Affairs told the Complainant that it had identified more data that had been missed from its searches and that information was only disclosed on 10 July 2025, almost six months after the data request had been made.

Pictured: The Family Proceedings and Advisory Service is based in the old States building and former Information Centre.

Home Affairs told the ODPA these delays were caused by different factors including the volume of records requiring review and redaction, staff shortages, and changes in personnel leading to confusion regarding task ownership.

Home Affairs also said incomplete initial searches that were carried out missed data from August 2022 that had been requested.

​The Data Protection Authority found that Home Affairs had breached Section 27 of the Law, which requires controllers to comply with requests as soon as practicable and within the designated period.

​The ODPA dismissed the justifications provided by Home Affairs, noting that 1,157 pages is not an excessive amount of data to process within a three-month window. 

It also found the 20-day delay in releasing the final 24 pages of data was excessive given the request was already significantly overdue.

Data Protection Commissioner Brent Homan said this all constituted a clear failure by Home Affairs.

“Failing to meet statutory deadlines undermines trust in an organisation’s ability to protect and manage personal data responsibly,” he said.

“It also limits an individual’s ability to make informed decisions about their information.”

​The ODPA has given Home Affairs a formal reprimand, with Home Affairs committing to improving its internal processes through specific training for staff, and the creation of a new ‘Subject Access Request’ policy for the Family Proceedings Advisory Service.