My observations
Original recommendations in the concepts of control of such requests within
Police forces used to include control of the booking out of the 29(3) forms
to the investigating officers enabling a clear audit trail on authenticating
requests. However I understood that ACPO in practice provide guidance but
cannot necessarily 'enforce' its application across the different forces. I
do know that the design of Section 29 request forms was under review in the
Merseyside Police area as they were seeking any observations on content from
our organisation as a recipient.
One of the forms purposes is to provide an evidential trail for recipients
to evidence they were acting in good faith in supplying data because it was
being requested for one of the investigatory purposes the legislation never
intended frustrate. What should be required is authenticating the sender as
being employed within the relevant organisation (data controller) claiming
the remits of access ie Crime prevention, Tax assessment etc. If that
individual is making a misleading request ie they are not being authoriseed
by their employer then they are subject to Section 55 offences and their
employers security procedures in controlling requests made in their name
needs examination. The receiver of the form (supplier of data) should be in
the clear as long as they check the source data controller employs the
requestor.
To my mind it is therefore irrelevant if the requestor is a civillian
employee of the Police authorities. In using the form they are acting on
behalf of the requesting data controller with the controller being
vicariously liable for their actions. The responsibility for controlling the
requestor lies with the employer as the data controller. Recipients have no
direct way of checking signatures on any forms received.
Id observe that the receipient needs to preserve their evidential trails due
to their obligations to their own employees by using good document
management to ensure all forms received (along with their associated
policies on disclosure and staff training procedures on Section 29 handling)
are accessible in case of later dispute. This enables them to evidence they
acted in good faith in the information supply. The recipients procedures
should be trying to protect their own employees from section 55 offences, ie
exceeding their authority in disclosing.
A recipient data controller can after all refuse any access under section 29
if their management policies so dictate thereby protecting their employees
from section 55 offences, their data subjects privacy and also saving money
on administrative processes.
David Wyatt
----- Original Message -----
From: "Christopher Spray" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, January 06, 2006 8:14 PM
Subject: Re: [data-protection] Section 29(3)
> Gerry, the form used by many police forces (originally agreed for use with
> ISPs but adopted more generally and updated) states that the form must be
> signed by the requesting officer and countersigned by a senior officer of
> rank no lower than Inspector.
>
> From personal experience I would not accept a request from a civilian
> employee - I have had experience of a civilian employee trying to make a
> request in order to conduct her own investigation into a crime against her
> father (identified before the request was granted)!
>
> I can't seem to find an up to date version of the form - the original
> template (albeit in its DPA 1984 guise) is here to give you an idea...
> http://duncan.gn.apc.org/DPAFORM.htm. I think the more up to date
> versions
> include a confirmation that failure to provide the information would be
> likely to prejudice the investigation (to give you assurance under the
> S29(3) requirements for disclosure).
>
> Don't forget though that any such request is no more than that ..a
> request..and you are not obliged to comply.
>
> Chris
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Gerry Dane
> Sent: Friday, January 06, 2006 3:00 PM
> To: [log in to unmask]
> Subject: [data-protection] Section 29(3)
>
> Have received a Section 29(3) request form.
>
> Question: Does a civilian employee of the police have any powers of
> investigation in relation to crime? ie Can they properly leverage the
> exemption via this device, or does it have to be a warranted officer?
>
> I'm intending to get the thing countersigned by a senior officer - but
> once again can it be a senior civilian officer or does it have to be a
> 'proper copper'.
>
> Thanks,
>
> Gerry.
>
> Mr.G.Dane
> University of Newcastle
> Email: [log in to unmask]
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|