NOT PROTECTIVELY MARKED
That is the approach we take.
Most police forces I have encountered (I appreciate practices may vary nationwide) provide a form giving name of data subject, matter being investigated, powers being exercised (not the DPA) and a statement regarding DP s.29 (and telling us not to tip the subject off regarding what they are doing).
These are generally pretty straight forward, although we do query a few where they seem off-topic or too broad/vague.
I have never refused (well...perhaps once or twice...and a few have been substantially modified when queried).
We get frequent requests from other authorities that cite s.29...but nothing else. We kick those back asking for clarification.
I took the same approach regarding these when working in the private sector, advising clients.
I have never though seen one of the type described in this correspondence.
Iain Harrison
Senior Information Governance Officer
Tel. Office: 01902 555546
E-mail: [log in to unmask]
Wolverhampton City Council
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Michael Bacon (Grimbaldus)
Sent: 22 September 2015 13:04
To: [log in to unmask]
Subject: Re: [data-protection] SAR from the Police?
Police powers come from a variety of legislation including Police Acts, Fraud Act, Theft Act, PACE, Road Traffic Acts, Terrorism Act(s). S.29 is merely an exemption to be exercised, or not, by a Data Controller, which is why I advise clients to push back any s.29 request that does not give the actual law (Act and section) under which the request is made.
It might be that public sector experiences different circumstances than the private sector, but I have never seen a s.29 with the Data Subject's consent attached. Usually, it is a matter of the police gathering evidence to support a charge, and the DS's consent would be an unlikely aspect of that.
M
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Clarke, Dawn
Sent: 22 September 2015 11:18
To: [log in to unmask]
Subject: Re: [data-protection] SAR from the Police?
You may find that far from being sloppy practice, the police have sent a consent form because so many organisations insist on one, even when S.29 is applicable. S.29 has no powers attached, and organisations regularly refuse disclosure under a S.29 request because they don't want to have to make a decision about whether the disclosure is necessary based on what the police have told them. They insist on consent and therefore, the police can tend to fall into a practice which in many cases is the quickest route.
Also, in these days of multi-agency working you may find that the police are working with a person, along with other agencies, to support them in some way, which could be outside the S.29 functions.
The best thing to do is contact the officer requesting to find out why they have not submitted a S.29 form and to check that the wording of the consent covers what is being requested. I recently queried a police request because the wording on the consent form was fairly specific, but the covering letter from the officer was asking for much broader information. We agreed that they would narrow their request to match the consent.
________________________________________
From: This list is for those interested in Data Protection issues [[log in to unmask]] On Behalf Of Michael Bacon (Grimbaldus) [[log in to unmask]]
Sent: 22 September 2015 10:45
To: [log in to unmask]
Subject: Re: [data-protection] SAR from the Police?
You could consider sending the data to the Data Subject, with a copy in a sealed letter addressed to police and let the DS supply this to the police?
M
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 22 September 2015 10:20
To: [log in to unmask]
Subject: Re: [data-protection] SAR from the Police?
Andrew
If it is not within s29 why on earth are they asking for it? Can it meet the fairness test in P1 if it is not for a s29 purpose? Can it meet 'relevant and not excessive' in P3?
s29(1) basically has a pretty low threshold. There is no necessity test, just processing for one of the defined purposes and compliance with a condition which consent clearly CAN supply - avoiding the necessity test in other conditions
This clearly looks like a ham-fisted (sorry that is a jest for another
topic) and lazy s29. They should do it properly. 999/1000 it really would not matter but if as a DC you act on the assumption that it's the police and they must know what they are doing, eventually you may take a sharp fall.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Internet communications are insecure, therefore City College Norwich (CCN) does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of CCN.
This email and any files sent with it are intended only for the named recipient and may be confidential. If you are not the named recipient please email the sender immediately then delete this message. You should not disclose the content, distribute or retain any copies of this message.
City College Norwich, Ipswich Rd., Norwich, Norfolk. NR2 2LJ.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|