Gwenan
I was under the impression that some benefits fraud investigations now had a
statutory basis for some information but regardless of that it is really
down to the requestor (Benefits Investigations Service) to declare their
position accurately in writing in their request allowing you to check the
statute and subsections before supply. If another statute gives them powers
of access or powers of prosecution then you would expect a request under
section 35(1 or 2) of the DPA98. In your case clearly this has not occurred
and they are implying by making their request under the old 28(3) of the
1984 Act (now 29(3) of the 1998 Act) that they have no statutory right of
access under any other statute. The implication in not requesting
disclosures using 35(2) of the DPA98 is that it is indicative that they are
not collecting the data in connection with any legal proceedings or
prospective legal proceedings. So presumably they are simply trying to
establish if any potential offence is occurring by seeking data from you.
My initial response would be that if they have no statutory access due to
other legislation then they need to document in writing why their
investigation would be prejudiced by your failure to supply declaring the
correct statute and subsections of the Data Protection Act. If they then
follow up you then have to decide whether you accept their reasoning. For a
prejudicial position to exist I would have thought as a minimum you would
have to be the only organisation from where the data items requested could
be obtained.
You would have thought NI number for example should be notified to
yourselves with name and address of person being investigated to allow you
to make a specific match of records ensure the person being investigated was
indeed the person on your records and not you disclose this from your
records presumably to allow them to effect an accurate match.
Another point to note is that in many requests, even where a statutory
access right does exist, the requestor may well be overstepping those rights
and seeking excessive data. The onus is on yourselves to check any such
request is valid. This is why the obligation should be placed with the
requestor to substantiate their request accurately. From my personal
experience we have declined several such requests on first attempt and most
never come back (well to not to my desk). There is of course always an
overhead cost in extracting and supplying data as well as DPA risks.
Hope this assists
David Wyatt
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Gwenan Owen
Sent: 13 February 2001 14:18
To: [log in to unmask]
Subject: Request from Benefits Investigation Service
I wonder whether anyone else (possibly in the HE sector) has recently
received a letter from the Benefits Investigation Service?
At Bangor it was sent to the Academic Registrar and says that they are
currently making enquiries in connection with a number of offences which
appear to have been committed against the Benefits Agency and believe that
the university could help them progress the investigations. It goes on to
request a computer produced list of all current undergraduates showing
names, date of birth, national insurance numbers and start date of
course(s)! Obviously alarm bells started to ring in the Academic Registry
and they sent the letter on to me.
The letter goes on to say that under section 28 of the Data Protection Act
1984 (!) disclosure of this information is permitted (and they very
helpfully give a photocopy of the relevant section).
Now, I'm not sure at all about this. As I read it this section 28 (or I
think section 29 of the 'new' 1998 Act) does talk about the prevention and
detection of crime etc. but surely this would be classed as a 'fishing'
exercise? It would perhaps be a different thing if they requested
information on a specific student because they had reason to believe
him/her to be defrauding the Agency?
I would really welcome some guidance and comments on this!
Gwenan
--
______________________________________________________________________
Gwenan Owen
Copyright/Data Protection Officer
Information Services, University of Wales Bangor,
Main Arts Library, College Road,
Bangor, Gwynedd LL57 2DG, UK
tel: (01248) 382413
fax: (01248) 382979
e-mail: [log in to unmask]
______________________________________________________________________
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|