Many non police organizations conduct criminal investigations. The recommended skills for Private Investigators include conduct of criminal investigations. The British retail Crime association advise their members on criminal investigations. Civilian powers of arrest have recently been reviewed. Telecom companies conduct their own investigations and then present their evidence to the police. Royal Mail with no more authority than the man in the street conduct their own criminal investigations and prosecutions. There are many more examples. Should you respond to a section 29 request from them? Now that is a tricky one. If it goes pear shaped where does that leave you? If a private investigator makes a section 29 request I suggest you ask why he is doing it. Shouldn't it be the Data controller his client? If he makes the request without the sanction of his client has he now determined that processing and taken on the mantle of Data Controller? If he has which condition in schedule 2 has he satisfied? If as I suspect he hasn't then surely there is a breach of DPA at least Principle 1, probably 2, could argue a breach of 6, most certainly 7? If you respond in these circumstances are you being reckless? Would this be a section 55 offence? If Richard Thomas gets his way and this happens in 2 years time could you end up in the pokey for 2 years. Who said DP was boring? May I suggest that you only respond to law enforcement section 29 requests. Chris Brogan Managing Director Security International Ltd 130 St Johns Road, Isleworth, Middlesex TW7 6PL, UK Tel: +44 20 8847 2111 Fax: +44 20 8847 1852 Registered in England & Wales No. 1322074 Registered Office: 11 Loveday Road, London W13 9JT www.securitysi.com -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Legal Compliance at KCL Sent: 23 November 2006 14:46 To: [log in to unmask] Subject: Data Protection Act - Section 29 Dear all, I was wondering if many of the other organisations often receive requests under section 29 of the DPA. If so, I would just like to see what your views are, and whether you feel this moves some of the administrative burden for criminal investigations onto the public sector. How appropriate do you feel this is, that certain 'low level' investigations are undertaken by persons who have otherwise nothing to do with the Police (I hope). Best wishes Legal Compliance ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^