An issue which did not come across
clearly to me in the discussions is that the police should limit their request
for data to that which is 'adequate, relevant and not excessive' for the purpose
of the section 29(3) exemption. Clearly the decision by the
organisation the request is to, will need to be informed in some way on adequacy
and excessiveness; something most organisations at the moment (including the
police) appear lax at. A high level of support will be required where a
request is turned down as pressure can sometimes be brought to bear by persons
who may be in a hurry. Police officers can commit Section 55(1b)
offences.
A common misconception appeared to
exist regarding local authority information sharing. The Crime and
Disorder Act does not allow uncontrolled information sharing. Section 115
of the Crime and Disorder Act merely removes the ultra vires problems with the
sharing of data between public organisations. It does not make that
sharing lawful. Other legislation and the data protection
principles still have to be followed.
There are two Association of Chief
Police Officers (ACPO) documents giving guidance to police forces. The
ACPO Code of Practice for Data Protection and the ACPO Data Protection Audit
Manual. Both are awaiting update to reflect the new
act.