In message <[log in to unmask]>, Arthur Longhurst <[log in to unmask]> writes >It would appear that the request is exempt as it's purpose is for >preventing fraud i.e. detecting crime. Such requests still have to meet certain criteria. You have to be convinced that the investigators have a reasonable case against each of the individuals, and that there's no other sensible way of them proceeding with the investigation [1]. You need to make that decision based on what you've been told. Simple "checking the accuracy of [NHS] claims", as was originally mentioned, seems to me to fall inside the "fishing expedition" arena, and not be the result of a specific investigation into one suspicious individual. [1] "The Data Protection Act only allows release of information where both the information is required for one of the purposes listed and failure to disclose the data would be likely to prejudice the matter. This form must not be used where the only purpose is to confirm known facts, for general intelligence, or for administrative reasons." http://www.linx.net/misc/dpa28-3form.html#guidance for ISPs but the same ideas apply in all 29(3) circumstances. -- Roland Perry ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^