Roger Bescoby reviews the recent ICO conference…
I was on my travels last week and on Tuesday (5th May 2013) found myself at the ICO Data Protection Officers’ Conference in Manchester. Over 800 people present and about 300 ‘waiting outside the door’ as they say. It was, and always is, massively oversubscribed. It is the main event in the ICO calendar and a fantastic opportunity to get a feel for the way the regulators are thinking. Well worth getting on the guest list.
This is the third year I have attended this Conference and once again I found myself pretty much the only representative from the insurance investigation sector. Can you believe that?? Here we are, post Leveson, NOTW and with worrying EU Regulation on privacy coming out of our ears – and only Brownsword Group there from the entire industry. Does that make us ‘anoraks’ or supremely responsible chaps?? Answers on a post card…
I picked up on two main points that I would like to share with you all:
Europe? You Never Had It So Good…
There are some massive EU reforms on the way in the form of new European Regulation on Data Privacy. By 2016 it’s looking like we are going to be regulated centrally by Brussels on DP. ‘Fine’ you may say, but when you consider the vastly differing attitudes towards Data Protection by the 27 Member States, and that the UK currently has a considerably more liberal attitude than most, it’s time to look at what might be coming our way. The explosion in social media is being blamed for the need for tougher regulations – an observation difficult to argue with.
You may remember I highlighted last year that current proposals in Brussels suggest that personal data can only be shared if it falls into one of the new proposed exemptions. Sharing of data by insurers for the purposes of fraud prevention is NOT currently listed amongst the exemptions. This seems to be a glaring omission and now evidently an oversight. The Association of British Insurers (ABI) and the Financial Services Authority (FSA), amongst others, have been lobbying hard on this very point and seem to have now made some headway. The issue is currently now under review by no less that 5 COMMITTEES in Brussels, all presumably deliberating on what has to be the most obvious decision they will ever have to make – but remember – this is the EU Parliament we are talking about!
During the mass Q&A in the afternoon, Assistant Commissioner David Smith answered a question put by a delegate in a grey suit and Salford accent, on the very point. He admitted that there were several points within the current EU proposals with which the ICO had issues and that this was a typical example. He went on to say that he felt confident that data sharing would always be justified if it was being done for the purposes of the ‘legitimate interests’ and for the ‘prevention and detection of crime’ and that he had not seen anything in the new proposals that changed that.
So, on the face of it, good news but it really is worth keeping an eye on the EU proposals. Wouldn’t we all feel happier if the insurance fraud world was specifically recognised by way of an exemption?
And what does the EU think of secret filming? If the UK were forced to adopt even some of the tough regulations on covert surveillance that exist across much of mainland Europe we would see the biggest upheaval in recent history in our sector. I detected an insatiable appetite from the regulators on the issue of ‘consent’ to processing. The nightmare scenario of having to say to a surveillance subject, “Hi Mr Smith, is it OK if I film you next Tuesday in relation to your claim?” may not be as farcical as it seems. I kid you not!
I also heard one opinion from a senior ICO official that he favoured following the RIPA example, that of seeking Magistrates’ approval if you wish to put somebody under surveillance in non Public Authority scenarios…you have been warned! (Certainly some form of written authorisation for non-RIPA surveillance is favoured by the Office of Surveillance Commissioners and others – Ed)
‘Unmanned’ Surveillance – Too Risky??
There were two excellent breakout sessions at the conference dealing specifically with surveillance. The way covert video evidence was captured, and in particular the justification for filming individuals, was discussed at length. The point was made most emphatically by the ICO officials that they would only condone the covert processing of personal data (i.e. filming) if it was evidently targeted upon the data subject, and of course that the intrusion could be justified.
They then made the further point that such covert data processing must be discriminate and that every attempt must be made to avoid the inadvertent capture of footage of ‘un-connected’ individuals. They went on to say that whilst some ‘collateral intrusion’ was inevitable, the installation of static unmanned covert cameras, vehicle based or otherwise, was absolutely ‘unfair and excessive processing’ and breached basic DPA principles.
I know that some surveillance companies out there openly recommend and market such tactics – suffice to say it is not a route The Brownsword Group will be going down. The thought of maybe two dozen ‘friends and neighbours’ of a legitimate surveillance target bringing privacy actions against our client is a risk we will not be taking – and that’s before the ICO themselves come down like a ton of bricks.
And Finally – Something Else……..The FSA and a ‘Thematic Review’ of the Use Of Private Investigators
I can advise that the FSA Conduct Business Unit have embarked upon what they are calling a ‘Thematic Review’. They are “seeking information from firms about the controls, oversight and due diligence procedures operated by insurance companies regarding the use of private investigators.”
I understand that specific attention is being paid to TCF, the payment of any inducements or incentives, the frequency and success of investigator involvement and also whether the 2007 ABI Guidelines are being adhered to. It is not surveillance specific.
Insurers can expect a visit in the coming months. Brownsword Group have written to the FSA offering help, assistance and guidance in the production of the review, hopefully providing a view from the ethical investigator’s side of the fence.
It is likely that at this stage the FSA will have little first hand knowledge of the vital working relationships that exist between Insurers and investigators. This, and in the light of current suspicious attitudes from certain regulators towards the investigation sector, may suggest that a degree of education may be necessary from insurers and investigators alike.
Hopefully, in the fullness of time, the FSA will interact with us on this and we will be able to explain the value of the investigators support role to the insurance sector.
I hope you found the above of interest, comments and questions welcomed.
Roger J Bescoby is Director of Strategic Development at the Brownsword Group. Visit www.brownsword.com & www.talk-safe.co.uk
Data Protection Update workshop – Analysis of the latest DPA cases, developments and news from the ICO. Our next workshops are in Manchester on the 28th May and in London on the 31st May.