--- Begin Forwarded Message ---
Date: Thu, 23 Nov 2006 15:45:09 +0000
From: [log in to unmask]
Subject: RE: Data Protection Act - Section 29
Sender: [log in to unmask]
To: Chris Brogan <[log in to unmask]>
Reply-To: [log in to unmask]
Message-ID: <[log in to unmask]>
Wow! Chris that is really informative. What about Local authorities and
authorities who farm out the fraud detection roles the third party
investigative companies. Could you argue that even with the defences of
section 29, an organisation could be in breach by collecting such data,
or processing such data for another purpose like this?
How widespread is it, and should this worry the average man in the
street, that ACME investigations has their file. Even if they are using
their powers supposedly for fraud. Is there not a real risk that by
giving personal data to persons who are totally unqualified to conduct
an investigative function could easily clone such identities. Is it
therefore not a massive risk to give out data to organisations under
section 29, so that as Chris says we must only deal with Police.
What then happens to all of these agencies who are set up, presumably
to save Police time shuffling paper?
Best wishes to all
Legal Compliance
King's College London
On Thu, 23 Nov 2006 15:36:56 -0000 Chris Brogan
<[log in to unmask]> wrote:
> Many non police organizations conduct criminal investigations. The
> recommended skills for Private Investigators include conduct of criminal
> investigations. The British retail Crime association advise their
> members on criminal investigations. Civilian powers of arrest have
> recently been reviewed. Telecom companies conduct their own
> investigations and then present their evidence to the police. Royal Mail
> with no more authority than the man in the street conduct their own
> criminal investigations and prosecutions. There are many more examples.
> Should you respond to a section 29 request from them? Now that is a
> tricky one. If it goes pear shaped where does that leave you? If a
> private investigator makes a section 29 request I suggest you ask why he
> is doing it. Shouldn't it be the Data controller his client? If he makes
> the request without the sanction of his client has he now determined
> that processing and taken on the mantle of Data Controller? If he has
> which condition in schedule 2 has he satisfied? If as I suspect he
> hasn't then surely there is a breach of DPA at least Principle 1,
> probably 2, could argue a breach of 6, most certainly 7? If you respond
> in these circumstances are you being reckless? Would this be a section
> 55 offence? If Richard Thomas gets his way and this happens in 2 years
> time could you end up in the pokey for 2 years.
> Who said DP was boring?
> May I suggest that you only respond to law enforcement section 29
> requests.
>
> Chris Brogan
> Managing Director
> Security International Ltd
> 130 St Johns Road, Isleworth, Middlesex TW7 6PL, UK
> Tel: +44 20 8847 2111 Fax: +44 20 8847 1852
> Registered in England & Wales No. 1322074
> Registered Office: 11 Loveday Road, London W13 9JT
> www.securitysi.com
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Legal Compliance at
> KCL
> Sent: 23 November 2006 14:46
> To: [log in to unmask]
> Subject: Data Protection Act - Section 29
>
> Dear all,
>
> I was wondering if many of the other organisations often receive
> requests
> under section 29 of the DPA.
>
> If so, I would just like to see what your views are, and whether you
> feel
> this moves some of the administrative burden for criminal investigations
>
> onto the public sector. How appropriate do you feel this is, that
> certain 'low level' investigations are undertaken by persons who have
> otherwise nothing to do with the Police (I hope).
>
> Best wishes
>
> Legal Compliance
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>
----------------------
[log in to unmask]
--- End Forwarded Message ---
----------------------
[log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|