In message
<[log in to unmask]>,
Arthur Longhurst <[log in to unmask]> writes
>It would appear that the request is exempt as it's purpose is for
>preventing fraud i.e. detecting crime.
Such requests still have to meet certain criteria. You have to be
convinced that the investigators have a reasonable case against each of
the individuals, and that there's no other sensible way of them
proceeding with the investigation [1]. You need to make that decision
based on what you've been told.
Simple "checking the accuracy of [NHS] claims", as was originally
mentioned, seems to me to fall inside the "fishing expedition" arena,
and not be the result of a specific investigation into one suspicious
individual.
[1] "The Data Protection Act only allows release of information where
both the information is required for one of the purposes listed and
failure to disclose the data would be likely to prejudice the matter.
This form must not be used where the only purpose is to confirm known
facts, for general intelligence, or for administrative reasons."
http://www.linx.net/misc/dpa28-3form.html#guidance for ISPs but the same
ideas apply in all 29(3) circumstances.
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
