JISCMail - DATA-PROTECTION Archives

I see no reason to disagree with Chris's comments. My earlier post was simply pointing out that the 'private' in 'private client' was irrelevant to the determinatiuon of who is a controller or processor. What makes the investigator a controller is whether he determines purpose and/ or method, not the staus of his client. And  *if *in any particular case the correct answer is that he is a processor (which would be unusual in my view but not impossible), and his client is working within the s36 exemption the ICO has no jurisdicion over the activities.
 ... BTW I have not had time to look up the matter but I have a clear recollection that there is judicial authority that the AND in the definition  /should /effectively be read as OR.
----- Original Message -----
From: Chris Brogan
Sent: 12/10/13 01:17 PM
To: [log in to unmask]
Subject: Re: [data-protection] Data Controller

 /If the private client engages the investigator to locate his long lost brother so he can meet up with him for Christmas then the private client has determined the purpose of the investigation but has he decided the manner? If the investigator is smart (in my experience most of them know little to nothing about the DPA) he will have explained in some detail to the private client what steps he proposes to take to locate the long lost brother and get the agreement of the private client. In that scenario would that be enough to successfully argue that the private client as well as determining the purpose has also after the advice of the investigator decided the manner?/
 /THE ICO is of the opinion that when an investigator acts for a client that he is the Data Controller. They are quite adamant about that. I cannot find anywhere in the DPA where it says that the ICO determines who or what is a Data Controller. It is a matter of fact. Do I determine "The Manner AND (not or) the purpose of the processing?" I suspect that they have come to this conclusion by comparing the law enforcement investigator (created by statute) with an investigator in private practice who has no more authority than Joe Public./

 /Now the investigator makes a section 29 request. If my submission above is correct then he is making this request as a data processor on behalf of his client the data controller. In the request he details the reason for the request. He gets the information and passes it to his client, say the insurance company, who immediately use the information in a civil case either to rebut a claim or sue the claimant. (This happens all the time.)/
 /The following is taken from the ICO's Guidance "When can I disclose information to a private investigator."/
 /The organisation being asked for the information must consider
each request, on a case by case basis, and be satisfied that it is
genuine and within the scope of the exemption. In particular they
will need to be satisfied that the prospect of proceedings is genuine,
proceedings are already underway or legal advice is genuinely being
sought. They will also need to be satisfied that the specific
information being requested is actually necessary for the purpose
stated by the investigator. /

 /I cannot see how the investigator can give the assurance needed when the final decision will be that of his client./
 /To my mind it is not sensible therefore to provide information to a Private Investigator but get the end client to make the request./

 /Now just in case any of you are wondering what relevance this is to you a public authority I would say that the vast majority of your organisations are, on a regular basis, using the services of an agency whose activities would fall within the definition of "Private Investigation" as determined by the Home Office./

 /Chris Brogan/

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^