An issue which did not come across clearly to me in the discussions is that the police should limit their request for data to that which is 'adequate, relevant and not excessive' for the purpose of the section 29(3) exemption.  Clearly the decision by the organisation the request is to, will need to be informed in some way on adequacy and excessiveness; something most organisations at the moment (including the police) appear lax at.  A high level of support will be required where a request is turned down as pressure can sometimes be brought to bear by persons who may be in a hurry.  Police officers can commit Section 55(1b) offences.

A common misconception appeared to exist regarding local authority information sharing.  The Crime and Disorder Act does not allow uncontrolled information sharing.  Section 115 of the Crime and Disorder Act merely removes the ultra vires problems with the sharing of data between public organisations.  It does not make that sharing lawful.  Other legislation and the data protection principles still have to be followed.

There are two Association of Chief Police Officers (ACPO) documents giving guidance to police forces.  The ACPO Code of Practice for Data Protection and the ACPO Data Protection Audit Manual.  Both are awaiting update to reflect the new act.