Liz
Obtaining pecuniary advantage by deception is a criminal offence under the
Theft Act. Usually defined as Fraud.
Any individual committing a criminal offence or suspected of one is not
necessariliy protected by DPA.
If a person is committing a criminal offence 29(3)can come into play. The
data processed for such an investigation would appear to become sensitive
given it will fall under Section 2(g) definition 'alledged offence in this
context. A controller therefore still needs a Schedule 2 and 3 processing
condition. This however appears to be all in the context of the
non-disclosure aspect given Section 27(3) and (4) defining non-disclosure.
Arguable processing conditions appear to be
Schedule 2 Subsection 6 - Legitimate interests of controller or third party.
Schedule 3 subsection 6 - assuming it is yours organisation and receiving
organsations policy to take actions always on potential offenders in
exercising or defending your legal rights as a data controller.
This gives a possible framework in which to design procedures but as there
can be counter arguments you should ensure your lawyers feel confident in
the construct or seek agreement from the Commissioners office.
The Act appears to allow for the argument to be presented to support
disclosures linked to preventing or detecting a crime. It does not appears
to restrict who can undertake crime detection activities.
Whether other legislation does I could not say.
I am not aware yet of anyone who has actually used the above arguments yet
under challenge but that is not to say its basis would fail in law. No one
wants the legislation to protect criminals however insignificant the crime
may seem. You do need however to ensure adequate controls exists to ensure a
consistent application of any such construct in the manner used to screen
individuals ensuring it is not used selectively or maliciously to cause
harrasment.
Hope these thoughts assist. If you do research further I would be very
interested in feedback.
David Wyatt
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Liz Dodds
> Sent: 05 July 2001 14:06
> To: [log in to unmask]
> Subject: Fraud and DPA
>
>
> We had a case recently of a PhD student who, it turned out, had gained
> admission to the University by citing false qualifications from an
> overseas institution. Upon discovering this, we instigated disciplinary
> procedures and expelled the student. It now appears, from their
> appearance at conferences and events, that they have gained admission
> elsewhere, presumably by citing false qualifications. The academic
> department concerned want to tell the other institution about our
> discovery and subsequent action but are afraid that in doing so they
> will contravene the Data Protection Act.
>
> It is complicated by the fact that they suspect that the individual
> concerned may be committing a further fraud but have no proof on which
> to base this suspicion.
>
> Can anyone suggest what they can do legally to try to forewarn their
> colleagues in other institutions?
>
> Thanks,
>
> Liz
>
> --
> Liz Dodds
> Assistant Registrar
> Academic Office, Stockton
> University of Durham
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|