UK ISPA Give Police Secret Briefing and new CR&CL(UK) report lau

[Clare Wardle]

Pete Mitchell wrote:
>I take the DPA to be next to useless
>as a means of discouraging official intrusion into private data. Has
>anyone ever been prosecuted, or sued, under the Act in such
>circumstances? Has such a complaint ever even been logged by the
>Registrar? 

Complaints have certainly been dealt with.  And while I agree that with more staff and resources the Data Protection Registrar could be more effective, she and her team do do quite a lot of good work.  They have been very effective in getting sensible codes of practice for use of personal data by government agencies e.g. recently under the Social Security Fraud Act. 

Moreover, when a company is asked for data, eg on its employees by the police or local authority, the DPA makes it clear that such data can only be provided in specific cases, and for specific purposes, which gives an incentive to the company to get it right - certainly don't agree that you can't go behind the bald confirmation by a constable that the data request is not a fishing expedition as suggested by Dave Swarbrick.

However, if the general public were more aware of their rights, and enforced them in this kind of case, the legislation would have more teeth.  Simple way forward - everyone who thinks that their ISP is providing their information to the police too readily, or their medical records are being accessed by inappropriate people, complain to the Registrar, e-mail data@wycliffe.demon.co.uk. 

Under the new Act (which is supposed to be in force already, but is in fact probably going to come into force later this year) it will be possible for individuals to sue for damages, which will make it more likely that individuals will sue.


Clare Wardle

My views are my own and not necessarily those of my employer or colleagues.