JISCMail - DATA-PROTECTION Archives

Audit Scotland is, without question, a Public Authority. Article 8 is, 
therefore, very clearly engaged.

This is how I see it.

The employee has a right to the privacy of their banking arrangements 
UNLESS the requirement for compulsory disclosure is

(a) in accordance with law;

and

(b) necessary in a democratic society and proportionate.

What this means is, that first of all, Audit Scotland must have 
statutory powers which explicitly allow the compulsion that is 
apparently placed on the employee.

If they do not have powers, the employee does not have to provide the 
requested information. If sanctions are applied in those circumstances, 
I would suggest that those sanctions would be ultra vires and therefore 
unlawful.

Even if Audit Scotland do have statutory powers, those powers must be 
necessary in a democratic society.

Article 8 is a qualified Convention right, so justification  of 
necessity is possible.

Prevention and detection of crime is one of those justifications which 
could easily permit qualification of the right. However I fail to see 
how mere bank account data is necessary in these circumstances. In any 
event, surely there would have to be some form of reasonable suspiction 
of an offence to exercise compulsion for the prevention and detection of 
crime?.

Finally, even if you can show that the interference with the Convention 
right is both according to law, and necessary, it must still be 
proportionate. This is often called the 'sledgehammer' criterion. (i.e. 
what you must not use for the purposes of accessing the edible part of 
nuts).

So if the interference is disproportionate (and in the absence of 
reasonable suspicion it would appear to be) then the interference with 
the Convention right is unlawful.
And the powers of compulsory disclosure, if they exist in in secondary 
legislation, may potentially be quashed.

Does this help?



Nigel

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^