Ok-lets look again at this again.

" the only basis on which information could be shared for fraud investigations amongst insurance companies and self-insured entities, for example some local councils self-insure, is under a court order or with the explicit consent of the individual involved!"

Getting a court order would provide an easy solution what is a often a very vexed sharing question-you effectively have to do it! Job done. If the requesting body want the information badly enough, they will do this.

"Explicit consent"-why not just get your fair obtaining clauses/forms in order and record choices properly?

I know some EU jurisdictions have a reputation for being a bit restrictive, but this is not really a showstopper.

As for the bit about " successful joint/industry fraud investigations", I have seen a few of these sharing initiatives and frankly they do not bear any close scrutiny.

Playing devils advocate perhaps…..but.

Iain Harrison

Information Governance Officer,
Information Governance Team,

Democratic Services,
Customer & Workforce Services,

Coventry City Council
Room 21a, Lower Ground Floor,

Council House,
Earl Street
Coventry. CV1 5RR

Telephone No: 024 7683 3305

Fax No: 024 7683 3395

www.coventry.gov.uk

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Chris Spray
Sent: 03 June 2011 23:54
To: [log in to unmask]
Subject: [data-protection] Using Section 29 Exemptions to share data - Law enforcement authorities only

Tucked away in an appendix to the Irish Data Protection Commissioner’s Annual report mentioned on this message board earlier in the week, is a statement that the Irish DPA equivalent of section 29 in the UK “can only be relied upon by a law enforcement authority” to allow sharing of information for fraud investigations.

They also state that the only basis on which information could be shared for fraud investigations amongst insurance companies and self-insured entities, for example some local councils self-insure, is under a court order or with the explicit consent of the individual!

This interpretation came as quite a surprise and appears to have no basis in law. Can anyone see any basis for it?

I am sure that this will be challenged. Had the UK Commissioner adopted the same view it is likely that some major and successful joint/industry fraud investigations could not have got off the ground.

Regards

Chris

All e-mails are monitored by Coventry City Council IT Security, using M@ilMeter and Star Filtering Services in accordance with the Regulations of Investigatory Powers Act 2000.
_____________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)