It seems clear to me (from the Act) that, if information is passed to the PI and s/he then decides how much (and in what format) the information is passed on, then they are a data controller. While the information is still in the possesion of the PI, unless the client has given strict instructions as to what information is to be passed on, they can not be the data controller. 

If the client has given strict instructions as to how the PI should use the information, then (even though the PI might seem to be self employed) the PI may be deemed to be an employee and, therefore, not be able to fit into the definition of data processor.

Tony

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Ian Welton
Sent: 28 January 2005 16:53
To: [log in to unmask]
Subject: Re: Section 29 and Private Investigators


Chris Brogan on Friday, January 28, 2005 at 3:54 PM said:-

> Sorry to disagree with people here, but this is an issue
> currently being tackled with the Information Commissioner's 
> office.  The Information Commissioner sees private 
> investigators as Data Controllers.  The Fraud Advisory Panel 
> see them as Data Processors.  

[snip]

> If anybody has any strong views on whether a private
> investigator is a Data Controller I would love to hear from them. 

Viewpoint - Could the point in question be that the case under investigation
and any instructions given by a client would determine if a PI were a Data
Controller or Data Processor.

Perhaps I am being rather thick here but in some cases would not the PI be
directing the client upon the best way forward in an investigation and in
others the client could be directing the PI as to what investigative
constraints apply.  In those circumstances both controller and processor
definitions jointly apply, as sticking rigidly to one or the other could
well compromise some of the business in hand.

PI's would appear to have an important requirement to be aware of
appropriate Privacy laws, as many could well be, even if perhaps they are
unwilling to knowingly disclose that knowledge during any given defensive
fraud investigation.

Given the inherent complexities and questions in this situation, it would
seem more appropriate not to normally disclose at that point without other
strongly pertinent issues arising.

Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection 
> issues [mailto:[log in to unmask]] On Behalf Of 
> Chris Brogan
> Sent: Friday, January 28, 2005 3:54 PM
> To: [log in to unmask]
> Subject: FW: Section 29 and Private Investigators
> 
> 
>  
> 
> ________________________________
> 
>  
> 
> ________________________________
> 
> 
> 
> Sorry to disagree with people here, but this is an issue 
> currently being tackled with the Information Commissioner's 
> office.  The Information Commissioner sees private 
> investigators as Data Controllers.  The Fraud Advisory Panel 
> see them as Data Processors.  If the Commissioner is right 
> (and I would point out that the Guernsey Data Protection 
> Commissioner agrees with Richard Thomas) then the private 
> investigator can make a Section 29 request if he is involved 
> in crime prevention and detection.  Many private 
> investigators conduct criminal investigations.  They act for 
> a number of public authorities that have prosecution powers.  
> The police often sub-contract work of an investigative 
> nature, albeit on the forensic side, to persons who fall 
> within the Home Office definition of private investigators.
> 
> However, generally speaking I would say under no 
> circumstances divulge information to a private investigator 
> under a Section 29 request.  I say that because, having known 
> the beast for over 25 years, the vast percentage (and I'm 
> here talking about the 90% mark) know absolutely nothing 
> about the Privacy Laws and as such are likely to get you into 
> trouble.  I disagree with the Information Commissioner that 
> they are Data Controller; I believe they are Data Processor.  
> I would therefore develop the argument that it is not up to 
> the Data Processor to make a Section 29 request, but up to 
> the Data Controller, who would be the private investigator's 
> client or instructing solicitor.  Having said that, the Law 
> Society tell me that they advise their members that they are 
> Data Processors, not Data Controllers.
> 
> If anybody has any strong views on whether a private 
> investigator is a Data Controller I would love to hear from them. 
> 
> The Fraud Advisory Panel met with the Information 
> Commissioner at the beginning of December and discussed the 
> role of private investigators.  I have a summary of that 
> meeting and if anybody is interested I would be happy to send 
> them a copy.
> 
> One final point.  We are in the process of doing the first 
> draft on the role of a private investigator, i.e. is he a 
> Data Controller or Data Processor, and if anybody is 
> interested in that paper I would be happy to provide it to 
> them and would welcome their comments.
> 
> Just to clarify the point about private investigators.  They 
> do investigate crime, and they have been investigating crime 
> a lot longer than police officers have.  The very first 
> police investigator was a former French private detective who 
> had served time in a French prison for fraud.
> 
> 
> CHRIS BROGAN 
> 
> 
> 
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to 
> the list owner
>               [log in to unmask]
>   (all commands go to [log in to unmask] not the list please)
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^