Charles:
The Association of Chief Police Offices (ACPO) have a Data Protection Code
of Practice for application by Police Forces.
This contains a specific form (Appendix B of that Guide) associated with
requests made under 28(3) of DPA 1984.
I assume this will be updated by ACPO under DPA98 but have not yet checked.
The theory is that the form is booked out by the forces DPA administrators
to the investigation officers and this should be counter signed by their
senior officer. These events therefore demonstrate a degree of control over
the requestor by the forces own procedures and should provide some
confidence to the receiver of the request.
However from time to time I tend to research such procedures to see how well
they are actually applied. This being a throw back to my days as an auditor.
In this instance we had a received a number of verbal requests from a
particular force so I contacted their DPA officer and found that person was
unaware of the ACPO guide. Lesson is clear, despite the design of well
meaning processes designed to protect data from misuse those disclosing have
to keep their guard up to protect their employees.
David Wyatt
Data Protection Manager
Norwich Union
Views expressed are personal to the author only.
----- Original Message -----
From: "Charles Christacopoulos" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, March 10, 2000 3:54 PM
Subject: RE: Requests for Data by Police
> ** Reply to note from "Walshe, Pat" <[log in to unmask]> Fri, 10 Mar
2000 14:20:50 -0000
>
>
> > Liz,
> >
> > I sent this to Edwina . you may be interested:
> >
> > The Police and other authorised agencies should make a request under the
> > Section 29(3) of the DPA 1998. You are not obliged to disclose any data
> > unless you have reasonable grounds for believing that any failure to do
so
> > would be likely to prejudice the purposes for which the data was
requested
> > (I.e. the prevention or detection of Crime or the Apprehension and
> > Prosecution of offenders etc). The Commissioner has stated in her
> > Introduction to the DPA 98 that "there would have to be a substantial
chance
> > rather than a mere risk that in a particular case the purposes would be
> > noticeably damaged".
> >
> > What you need to obtain from the police are details of:
> >
> > 1: The crime being investigated
> >
> > 2: The reason for the enquiry (i.e. the appropriate DPA exemption
purpose)
> >
> > 3: How the absence of any information would be likely to prejudice the
> > enquiry
> >
> > Also, if you work for a local authority, you also need to be aware of
> > Section 115 of the Crime and Disorder Act 1998 which allows the Police
and
> > local authorities to share information. See
> > http://www.hmso.gov.uk/acts/acts1998/80037--s.htm#115
> > <http://www.hmso.gov.uk/acts/acts1998/80037--s.htm#115>
> >
> > Much depends on the information being requested and whether they are
asking
> > for info on internet usage etc, email access ..... that's a different
ball
> > game
> >
> > I hope this helps.
>
> Most often they ask for addresses esp. for staff or students who have
left?
> I have yet to meet any policemen who will say why they are looking for
info.
>
> Officialdom says they must appear to be very "police like", like on the
tely
> :-)
>
> Although Universities are not under local authority control I am not sure
to
> what extent we could avoid disclosing addresses. I guess we may need more
> proof if they ask for access to other information.
>
> Any comments?
> Charles
>
> ==============================================
> Charles Christacopoulos, Secretary's Office, University of Dundee,
> Dundee DD1 4HN, (Scotland) United Kingdom.
> Tel: +44+(0)1382-344891. Fax: +44+(0)1382-201604.
> http://somis.ais.dundee.ac.uk/
> Scottish Search Maestro http://somis2.ais.dundee.ac.uk/
>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|