Hello Clare
All financial institutions (probably) include the crime
prevention/investigation purpose in their notifications, to cover the
activities of their fraud investigation people. If the data subject's
activities appear suspicious to the extent of needing a referral to the
police under anti-money laundering regulations, you can argue that (provided
the aforementioned crime purpose is included in your notification) you are
investigating criminal activity and claim exemption from including the
police referral in your SAR response under S.29(1).
If you subsequently find that there was no grounds for the referral, you
should probably bite the bullet and provide the information, and be ready to
explain to the data subject why the referral was made. Alternatively, if
there is no requirement to hold on to the referral information if it proves
unfounded it would be better to delete the relevant data (3rd and 5th
Principles).
Stuart Lynch
Stuart Lynch Consulting
Training/Consultancy in
Privacy/Information Protection
01704 870365
mailto:[log in to unmask]
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Clare Bond
Sent: 29 January 2002 14:11
To: [log in to unmask]
Subject: Data Subject Access Requests & Police Referrals
Please can you tell me what your thoughts are on the following scenario.
If we receive a Data Subject Access Request from an individual who we
believe has some involvement in a Money Laundering offence and by releasing
the information this might reveal a referral to the Police or NCIS, what
should we do?
There appears to be a conflict between the two acts (Money Laundering & Data
Protection Act).
I would appreciate your comments on this type of situation.
Thank you,
Clare
Clare Bond
Compliance Officer
3rd Floor, Ladymead
Tel: 01483 55 2944
Fax: 01483 55 2946
Email: [log in to unmask]
**********************************************************************
Copyright in this message and any attachments remains with us. It is
confidential and may be legally privileged. If this message is not
intended for you it must not be read, copied or used by you or
disclosed to anyone else. Please advise the sender immediately if
you have received this message in error.
Although this message and any attachments are believed to be free of
any virus or other defect that might affect any computer system into
which it is received and opened it is the responsibility of the
recipient to ensure that it is virus free and no responsibility
is accepted by Cornhill Insurance PLC for any loss or damage in any
way arising from its use.
Cornhill Insurance Plc, Registered in England number 84638,
Registered Office 32 Cornhill, London EC3V 3LJ.
Regulated by the Personal Investment Authority for life and pensions only.
Member of the General Insurance Standards Council for general insurance
business.
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|