To RIPA or Not To RIPA: Changes to Council Surveillance Powers

The days of local authorities being able to use surveillance powers to tackle dog fouling and littering offences will soon be over. From 1st November 2012, local authorities will face severe restrictions upon the grounds for which they can authorise Directed Surveillance under the Regulation of Investigatory Powers Act 2000 (RIPA).

The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2012, SI 2012/1500  (“the 2012 Order”), was made on 11 June 2012 and will come into force on 1 November 2012,

The 2012 Order amends the Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) Order 2010, SI 2010/521 (“the 2010 Order”), which prescribes which officers, within a public authority, have the power to grant authorisations for the carrying out of Directed Surveillance and the grounds, under Section 28(3) of RIPA, upon which authorisations can be granted. At present local authorities have one ground; where it is necessary “for the purpose of preventing or detecting crime or preventing disorder.” (Section 28(3)(b))

From 1st November 2012, local authority Authorising Officers may not authorise Directed Surveillance unless it is for the purpose of preventing or detecting a criminal offence and it meets the condition set out in New Article 7A(3)(a) or (b) of the 2010 Order. Those conditions are that the criminal offence which is sought to be prevented or detected is punishable, whether on summary conviction or on indictment, by a maximum term of at least 6 months of imprisonment, or would constitute an offence under sections 146, 147 or 147A of the Licensing Act 2003 or section 7 of the Children and Young Persons Act 1933. The latter are all offences involving sale of tobacco and alcohol to underage children.

Background

These changes have not come out of the blue. Responding to media stories of councils misusing “anti terror laws” both coalition parties promised in their election manifestos to overhaul Part 2 of RIPA, which regulates local authorities, amongst others, when conducting covert surveillance on citizens. They argued that such surveillance was often used to investigate minor offences and in a disproportionate manner. The introduction of a Serious Crime Test for Directed Surveillance was recommended in the Home Office review of counter-terrorism and security powers published on 26th January 2011.

Directed Surveillance has been the subject of substantial debate and controversy. It is often conducted by local authorities to, amongst other things, investigate a benefit fraud or to collect evidence of anti-social behaviour. Typical methods include covertly following people, covertly taking photographs of them and using hidden cameras to record their movements. Introducing a six months imprisonment test will ensure that such techniques are no longer an option when local authorities are investigating “minor offences” such as dog fouling and littering.

But the 2012 Order also removes the second limb of Section 28(3)(b) (“preventing disorder”). Directed Surveillance for the purposes of tackling anti social behavior will no longer be able to be authorised unless of course the activity involves criminal offences involved carrying a maximum prison term of six months or more. How will this impact on the work of local authority Anti Social Behaviour Units?

There is an exception to the general rule though. Because of the importance of Directed Surveillance in corroborating investigations into underage sales of alcohol and tobacco, the Serious Crime Test will not be applied when Directed Surveillance is being done in these cases.

The other recommendation of the RIPA Review (Magistrate’s Approval) will be implemented via the Protection of Freedoms Act 2012 which received Royal Assent on 1st May 2012. The RIPA provisions in this Act are yet to come into force but when they do they will require local authorities to have all their RIPA surveillance authorisations (i.e. Directed Surveillance, CHIS and the acquisition of Communications Data) approved by a Magistrate before they take effect. (Read more here: http://www.actnow.org.uk/content/47)

When the the Coalition Government published the Bill in February 2011, the Home Secretary, announced:

“The first duty of the state is the protection of its citizens, but this should never be an excuse for the government to intrude into peoples’ private lives. Snooping on the contents of families’ bins and security checking school-run mums are not necessary for public safety and this Bill will bring them to an end. I am bringing common sense back to public protection and freeing people to go about their daily lives without a fear that the state is monitoring them.”

Most local authorities feel that this is a disproportionate response to inaccurate media stories about their “overzealous” use of RIPA. The reality is that most authorities only use their powers in a handful of cases each year and only when there is no other viable means of investigating offences and then in a reasonable and proportionate manner.  The latest available annual report by the Office of Surveillance Commissioners (2010/2011) states:

“Generally speaking, local authorities use RIPA/RIP(S)A powers sparingly with over 50% granting five or fewer directed surveillance authorisations during the reporting period. Some 16% granted none at all.”

The changes to be made to the local authority RIPA regime via the 2012 Order, as well as the Protection of Freedoms Act, will have a big impact on their investigation and enforcement activities.  Now is the time to review RIPA processes and procedures and to make staff aware of the changing legal landscape.

We have a series of courses on RIPA and Surveillance which also cover the changes in the Protection of Freedoms Act. We can also provide in house customized training (e mail info@actnow.org.uk)

 

FOI Review : What to Expect

Last year the Justice Select Committee, chaired by Sir Alan Beith, launched a call for written evidence for its post-legislative scrutiny of the Freedom of Information Act 2000 (FOI). The Committee invited written evidence on the following issues (although those responding were free to discuss other matters):

  • Does the Freedom of Information Act work effectively?
  • What are the strengths and weaknesses of the Freedom of Information Act?
  • Is the Freedom of Information Act operating in the way that it was intended to?

The Committee has now finished hearing oral evidence. Its website contains more details including dates of hearings as well as uncorrected transcripts of evidence. Whilst much has been written and submitted to the Committee about what changes the Government should make to the FOI regime, some changes are more likely to be recommended by it than others:

1. A new exemption for Frivolous Requests

The Information Commissioner’s Office (ICO) has told the Committee (and a recent conference) that it would be in favour of an exemption being introduced to alleviate the burden of frivolous requests e.g. for zombie invasion plans.

My view is that this is a sacrificial lamb being offered by the ICO to try and deflect some of the recent criticism directed towards it. Public authorities have claimed that the ICO is not doing enough to help them at a time when they are being inundated with nuisance requests that clearly have no purpose or value. However the Committee may feel it needs to go further to address such concerns.

2. A Change to the Costs Regime

Many of those that have responded to the Committee’s call for evidence, have expressed concern about the sheer cost of dealing with FOI requests, although the basis of calculation of some of the figures seem highly dubious. It is likely that changes are made to allow more activities to be included as part of the costs limit of £450/£600 limit (under the Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004) including perhaps the time it takes to redact exempt information from a document before disclosing the latter.

It seems that the Government is already pre judging the outcome of the Committee’s report. According to a BBC Newsnight report on 5th April 2012, a new fees regime could be introduced to reduce the number of FOI requests. Different tariffs could be used to charge different types of requestors. For more on this read Jonathan Baines excellent guest post for the Save FOI Blog.

3. A new Cabinet Minutes Exemption

The previous Government has on two occasions used the ministerial veto (under section 53) to exempt disclosure of cabinet minutes.  On 24th February 2009 the then Lord Chancellor, Jack Straw, issued the first ever ministerial veto  (See Cabinet Office and Christopher Lamb v IC (EA/2008/0024 & 0029)) when the Tribunal decided to uphold the ruling by the Information Commissioner that minutes of cabinet meetings from 2003 discussing the Iraq War should be disclosed.  On 10th December 2009, Mr Straw did the same again in respect of a decision of the Commissioner (Cabinet Office FS50100665) requiring disclosure of minutes of the Cabinet Ministerial Committee on devolution to Scotland and Wales and the English Regions in 1997.

Dominic Grieve, the Attorney General, also used the veto to block release of Cabinet Minutes relating to Scottish and Welsh Devolution. Recently the Health Secretary, Andrew Lansley, caused controversy when he used the veto to block access to the NHS Risk Register. On each occasion the veto has been used, the Commissioner has issued a report to Parliament expressing disappointment. However recently he has said that if the Government feels strongly about Cabinet Minutes being kept secret then an absolute exemption should be introduced. Bearing in mind what the Prime Minister and Lord O’ Donnel (the former head of the civil service) have said about FOI recently, this is a strong possibility.

4. Other Possible Changes

Looking at the various submissions to the Committee especially those from the ICO, it is also likely that statutory limits for Internal Reviews and the public interest test are recommended to avoid delays in dealing with requests. It may also be recommended that now FOI has bedded in, the role of the Qualified Person (under section 36) be removed so that there is no delay in Refusal Notices being issued where this exemption is claimed.

The Committee is due to report before the Summer Recess of Parliament.

Ibrahim Hasan is doing a web seminar on the changes to the FOI, DPA and RIPA regime to be made by the Protection of Freedoms Act. Click Here  for more information.

Sort of Fair Processing Notice

Walking through Huddersfield the other day I caught this interesting example of a fair processing notice. It was a bus shelter. The actual notice was well above the normal range of vision. (Which reminds me of an old joke. What lies on its back eight feet up in the air.  Answer later.)

But how fair is this sign? Is it a fair processing notice informing data subjects that they might be being filmed? It has the magic acronym CCTV so there’s definitely a possibility that filming is taking place. But the other words seem to confuse the issue.

Anti-social behaviour is a crime. We’re not going to disagree with that are we? but it’s a statement of fact not really what’s needed on an FPN. You might as well say that Chelsea won the Champion’s League this year.

Plain Clothes Police Officers.  So how do we know they are Police Officers? Do they wear a carnation in their lapel or are they really operating covertly? This phrase means that everyone on the streets may be a police officer. Is this fair? Or if covert operations are being undertaken why do we say that plain clothes police officers are in place. Isn’t covert er… wait for it… covert? Does RIPA ring a bell?

Or CCTV in use.  Whoa let’s take a rain check.  Either it is in use or it isn’t. If it is you put up signs saying who’s doing it, why and contact details. If it’s not you don’t. Or maybe it’s secret filming. Donnnngggg. (That’s an alliteration denoting the tolling of the RIPA bell)

Finally your behaviour could be under observation. Back to the previous paragraph. Either it is or it isn’t. If it is for general crime prevention purposes then put up signs. If it’s a covert operation pre-authorise it through your SPOC and don’t bother with signs.

And to finish off 7 (count them) individual organisations contributed to this sort of fair processing notice including some very well known ones. So 7 data protection persons gave their opinion on the poster. No-one thought it was a bit naff.   Or maybe they didn’t ask the DP persons.

Take care in Huddersfield. They might be filming you (or not). Anyone at all could be a police officer. And Chelsea won the Champions League.

Ah yes the answer to the question.

What lies on its back eight feet up in the air. A dead spider.

FOI Man in Training

We are pleased to announce that Paul Gibbons, aka FOI Man, is doing two workshops for us on Practical FOI: How to Make FOI Work in Your Organisation”. Paul is a very experienced FOI Officer currently working in the university sector. Before that he spent many years as a records manager in both the private and public sectors.Paul runs the very popular FOI Man Blog and tweets as @FoIManUK.

This is what he says about his new Practical FOI Course for Act Now Training:

“One or two of you may have noticed that I’m branching out. Act Now Training have kindly asked me to develop and run a training course on Practical FOI.

Now I know there are lots of training courses on FOI out there, so what’s special about this course?

Well, as the name suggests, this isn’t about complicated legal arguments on the application of exemptions. This is about what you actually need to do if you’re an FOI Officer – especially if you’re new to the job.

You can find other courses that will cover one aspect of being an FOI Officer, but Practical FOI goes over the basics of everything that you’ll need to do.

We’ll be looking at ways to raise awareness amongst colleagues. Discussing the best methods for logging FOI requests. Picking out what you really need to do to improve your organisation’s records management.

We’ll talk about how to deal with colleagues who don’t want to answer FOI requests. And what procedures you need in place to manage complaints.

I look forward to helping you work out how to make FOI work in practice.”

Practical FOI is running in Manchester and London. Book Now to avoid disappointment.

Do You Want To Be Certified?

If you’re thinking about studying for the ISEB Certificate in Data Protection  or Freedom of Information to enhance your career prospects, there are a few things you should consider.

It’s the only externally examined qualification in the sector specifically targeted at current and potential DP and FOI practitioners (although there is a company that has created its own qualification which isn’t accredited by ISEB). Some organisations, when recruiting for an information governance vacancy, ask for candidates who have the ISEB Certificate. Others list it as a desirable qualification.

So what do you look for in a training provider? 

First of all is it accredited by ISEB?  This is a process that takes time and costs money. Every provider has had their company examined; their course director examined, their tutors examined and the course material scrutinised by experts. So choose an accredited provider – there are a few to choose from and you can find them on the ISEB website.

Next check out each provider’s website. Here are a few indicators that will give you some idea of their quality.

People 

You need to know who is going to teach the course. Are trainers better than lawyers? Is it a name you know who has worked in the field, who contributes to bulletin boards, who speaks at conferences, who is active in the DP/FOI community? Is it a trainer or a legally qualified person? There are trainers who are also legally trained but  they are rare. However in our extensive career in the sector we have been delegates on courses where very highly qualified legal people (barristers no less) have failed miserably to get across simple concepts because they couldn’t descend from their ivory towers.

While we’re on the subject some training providers don’t tell you who will be teaching the course. Some say “qualified lawyers” (are there any other type of lawyers?) Some don’t say even when you ask them. One declined to tell our researcher on the grounds of (are you ready for this…) Data Protection!

Training Methods

It’s not just  “here’s a booklet – read it” nor is it “watch these 500 PowerPoint slides”. You should expect to see a breakdown of what each day involves; whether it’s exercises, case studies, role play, videos, online sessions; quizzes; sample questions; homework, mock exams with tutor feedback. One training provider describes its teaching method as “Course” – that’s it, just one word!

Mock Exam

Many ISEB candidates last did an exam before the age of the Internet. Many have never used a pen to write for half an hour continuously let alone three hours.  We think it is crucial that candidates sit a full mock exam before the final exam. This allows candidates to hone their exam technique and expose any gaps in their revision.

Pass Rates

Look for them (ask for them). Some will go on at length about how they are the best but the basic pass rate should tell you a lot. The ISEB pass rate for DP is about 68%. FOI is a little higher. Your training provider should tell you how well their candidates  do. If they don’t then ask yourself why they don’t. Maybe they’re new; maybe they don’t get many delegates through.

Testimonials

There’s a law not dissimilar to Murphy’s Law, which we haven’t quite tied down that says something like… “There’s nosuch thing as a poor testimonial.” It could be Finagle’s constant or Sods law but don’t put too much faith in glowing testimonials. Everyone gets good ones. Few get bad ones. No one publishes a bad one. If you really want to know what an ISEB course was like ask someone who has done one with the same training provider. If you don’t know anyone, ask the provider for details of a previous candidate from your sector who does not mind giving a reference.

Price

You get what you pay for; the cheapest may not be the best. You may save a couple of hundred pounds on a course by going for a cheap provider. But the quality and content of the course may mean that you end up failing and spending more on a resit.

Conclusion

Pick a training provider who knows what they’re doing, with experienced well known speakers, who give you all the information you need to know on their website to take the course and who has a good pass rate.

Finally

ISEB has been renamed BCS Professional Certification but I think we’ll still call it ISEB

For more on more on how to pass the ISEB exam see our earlier blog post  

 

Our next ISEB courses start in London and Manchester in June

For more Information on our website or email us.

Protection of Freedoms Act 2012

Protection of Freedoms Act 2012

 2012 CHAPTER 9

The Protection of Freedoms Act 2012 received Royal Assent on 1st May 2012. The Act contains a number of measures which, when brought into force, will have a major impact on public authorities especially councils. Amongst other things the Act:

Introduces a new code of practice for surveillance camera systems. This is in addition to the CCTV Code of Practice under the Data Protection Act 1998. There will also be a surveillance camera commissioner. Read our article on  the New CCTV Regime 

  • Extends the Freedom of Information Act by requiring datasets to be made available in a re-usable electronic format. Read our blog entry on how this can make you money. For details of an innovative use of a dataset click here
  • Provides for Magistrates’ approval of all surveillance activities by local authorities under RIPA. Read a full article on the changes.
  • Requires schools to obtain parents’ consent before processing children’s biometric information
  • Restrict the scope of the ‘vetting and barring’ scheme for protecting vulnerable groups and makes changes to the system of criminal records checks. Read our article

Ibrahim Hasan is doing a special online training session  on the new Act in June and July.

The Act will also:

  • bring in a new framework for police retention of fingerprints and DNA data
  • provide for a code of practice to cover officials’ powers of entry, with these powers being subject to review and repeal
  • outlaw wheel-clamping on private land
  • introduce a new regime for police stops and searches under the Terrorism Act 2000 and reduces the maximum pre-charge detention period under that Act from 28 to 14 days
  • enable those with convictions for consensual sexual relations between men aged 16 or over (which have since been decriminalised) to apply to have them disregarded

All our information and surveillance law courses will be updated to take account of the new Act. If you would like customised in house training on any aspects of the Act, please get in touch.

FearSquare : A Dataset to be Feared?

A recently launched mobile phone application provides a useful insight into what could be possible if public authority datasets are fully exploited.

Many datasets are routinely published  by public authorities and are available for re use at little or no cost. Others can be accessed by making a request under the Freedom of Information Act 2000 (FOI). The Protection of Freedoms Act 2012 , which received Royal Assent on 1st May 2011, will make access and re use of datasets much easier. Once the Act is brought into force, amongst other things, it will amend FOI so that in the future public authorities will have greater obligations in relation to the release and publication of datasets. The key points are:

  • There will be a new duty on public authorities, when releasing datasets, to adhere to any request to do so in electronic form which allows its re-use where reasonably practicable.
  • Any dataset containing copyright material (where the authority holds the copyright) must be made available for re-use under a specified licence.
  • Publication schemes will in future contain a requirement to publish datasets, which have been requested, as well as any updated versions.
  • Such datasets will also have to be published in an electronic form capable of re use and any copyright material must be available for re use in accordance with the terms of a specified licence.

On the face of it, these obligations seem onerous. However they may also bring an opportunity for public authorities to raise some much needed revenue. They will be able to charge a fee (and make a profit) for allowing re use of any datasets containing copyright material (Read Ibrahim Hasan’s detailed article on the dataset provisions).

Once datasets are released, the idea is that clever people out there will think of innovative uses for them. This may involve a “mash up” with other data. One example is Fearsquare. Its website states:

“FearSquare is an application which allows FourSquare** users in the UK to easily see the official crime statistics for the places where you ‘check-in’. The intention is to give you a uniquely individual look at the levels and types of crimes you are exposed to in your daily life.”

** If you are not “cool” and “with it” like me, go to the end of this blog post for a brief explanation of Foursquare.

Foursquare knows all the locations that a user visits most often. These may be areas with high levels of recorded crime or are known for specific types of crime. For example, a user may be contemplating walking in an unfamiliar area where there have been a lot of muggings. FearSquare aims to keep the user updated on their surroundings and the levels and types of crimes recorded nearby. After all, forewarned is forearmed!

Fearsquare takes its crime stats from the UK Police Crime Statistics database. It has a “leaderboard” of the most dangerous areas based on the crime reported. The leaderboard gives out points to the most crime-heavy areas based on the types of infractions that take place, be it robbery or weapons related crimes.The site also has a real-time ticker that displays check-ins that have unlocked crime statistics, which serves as another way of discovering places that a user should be weary of visiting alone.

Interestingly there is a “game” built into FearSquare. The bold and the brave are awarded points when they visit the most crime-ridden areas in the UK. I think I will stick to establishments offering Nectar Points!

Fearsquare is the brainchild of Lincoln Social Computing Research Centre(part of the University of Lincoln) and is part of a study looking at how this sort of personalised data could change user behaviour. It is a good example of an innovative use of an openly available dataset. Public authorities need to start work now on identifying useful datasets they hold and raising awareness amongst stakeholder departments as to how they could be exploited. This opportunity, which should not be left to the private sector alone, nor should it be the realm of those who are motivated by profit.

Now if Dorothy or Little Red Riding Hood had this app on their mobile phones, i wonder which route they would they have taken?

NB Foursquare is an application (very popular in the US, less so here) which allows users to use the location services on their mobile phone to electronically “check in” at various locations; from coffee shops, pubs and restaurants to supermarkets. More check ins mean prizes as well as the much-envied status of “mayor” of a certain location. See https://foursquare.com/about/ for more.

New Webinar– For more on this and other aspects of the Protection of Freedoms Act, join us on our one-hour online seminar: http://www.actnow.org.uk/courses/city_ONLINE

Book Review: Essential Law for Information Professionals by Paul Pedley (3rd edition @facetpublishing)

It is always difficult to write a guide for non lawyers on very complicated areas of law. The task is made more difficult by the fact that information law includes lots of different statutes and regulations including the Freedom of Information Act, the Data Protection, the Environmental Information Regulations (to name just a few). This book is a very good attempt at the task by a well qualified author. Paul Pedley is a visiting lecturer at City University and the author of two books on digital copyright. The first edition of this book appeared in 2003 and immediately established itself as a popular training and student text.

The third edition of this book aims to offer up-to-date and easy-to-follow practical advice on the law as it affects information management and the fundamental principles underlying practice.  New and up-to-date coverage includes:

• the Digital Economy Act 2010 and it’s implications for libraries
• the Open Government License and the re-use of public sector information
• patents and trademarks
• CILIP’s guidelines on user privacy in libraries
• the move to extend legal deposit to electronic content
• recent changes in libel law
• the Data Protection Act and new penalties for infringement
• digital content and platforms
• open access and social networking.

The chapters on copyright, data protection  and privacy are a good starting point for anyone wishing to understand these laws.  The Freedom of Information chapter covers both the law in Scotland (FOISA) as well as the rest of the UK. The section on publication and re use of datasets (as per the Protection of Freedoms Bill) relies heavily on an article in our May 2011 newsletter. This is now slightly out of data as the Bill has now become law and some changes to the dataset provisions were made during the passage of the Bill through Parliament. A more up to date explanation of the dataset provisions can be found in our previous blog post.

All in all I would recommend this book. Whilst it is primarily aimed at librarians, it is a good basic guide for those working in information governance. It provides a useful starting point for anyone who requires a “quick run through” the salient points before moving on to something more substantial. For this purpose the references at the end of each chapter will assist. Priced at £49 this book is a useful addition to any legal library.

To buy this book visit the Facet Publishing website.

New Data Sharing Laws: Too Far, Too Fast?

According a story in the Guardian newspaper last week, proposals to be published in May by the Cabinet Office minister, Francis Maude, are expected to make it easier for government and public-sector organisations to share confidential information supplied by the public.

“In May, we will publish proposals that will make data sharing easier – and, in particular, we will revisit the recommendations of the Walport-Thomas Review that would make it easier for legitimate requests for data sharing to be agreed with a view to considering their implementation,” said Maude, adding that current barriers between databases made it difficult for public sector workers to access relevant information.

“It’s clearly wrong to have social workers, doctors, dentists, Job Centres, the police all working in isolation on the same problems.”

The Guardian reported that the proposals are expected to include fast-track procedures for ministers to license the sharing of data in areas where it is currently prohibited, subject to privacy safeguards.

Maude has hit back at the reporting of the proposals. Whilst the detail is awaited, one has to wonder whether this is the right time to consider such measures. The recent announcement of a new law to require Internet firms to give intelligence agency, GCHQ, access to everyone’s communications data on demand and in real time as well as the ongoing controversy about the failure to regulate press intrusion has already raised concerns about the Government’s commitment to “roll back the surveillance state”.

Civil liberties campaigners are already saying that the new plans are further evidence of the revival of “The Database State” proposed by New Labour. In a recent article the Campaign Group, NO2ID, argued that the Government should establish clear guidelines on people’s rights to privacy to put a brake on official bodies sharing data.

This is not the first time that concerns have been raised about data sharing. In July 2008 “The Data Sharing Review Report” was written by the then Information Commissioner, Richard Thomas, and Wellcome Trust director, Mark Walport. In it they warned:

“The tenor of the government’s argument has focused closely on the benefits of data sharing, paying perhaps too little attention to the potential hazards associated with ambitious programmes of data sharing,” stated the report. “The government has consistently laid itself open to the criticism that it considers ‘data sharing’ in itself an unconditional good, and that it will go to considerable lengths to encourage data-sharing programmes, while paying insufficient heed to the corresponding risks or to people’s legitimate concerns.”

Is the current law not adequate to regulate yet allow responsible data sharing? The Data Protection Act 1998 (DPA) already governs all processing of personal data including the sharing of it. Whilst it is still conceived as a barrier, if properly understood, it can be a tool for responsible data sharing. Most public sector data sharing will be lawful if organisations comply with the Eight Data Protection Principles; particularly the First Principle which requires information to be processed fairly and lawfully. There are also numerous exemptions in the Act including where sharing is required for the purpose of prevention or detection of crime (section 29).

In May 2011, the Information Commissioner published a new statutory Code of Practice on data sharing. The Code explains how the DPA applies to the sharing of personal data both within and outside an organisation. It provides practical advice to the public, private and third sectors, and covers systematic data sharing arrangements as well as one off requests for information.

So is there really a need for a new law on data sharing? The Information Commissioner’s Office has issued a short statement on the proposals. Reading between the lines, it seems to be saying that the current law and the ICO Code are adequate. What do think?

Read our article for a full explanation of the ICO Data Sharing Code.

You can attend our full day Multi Agency Information Sharing workshops

We also have a one-hour online seminar on this subject.

Please call re ICO conference.

Working around the UK us Act Now speakers sometimes get messages or emails from the office staff.  If we can we pick these up and follow them up at lunchtime, coffee breaks etc.

Last week I received once such message and it looked promising. (See title of post). The ICO want to talk to me about his conference…    is it the invitation I’ve been waiting for to address 500 colleagues on the Data Protection joke book from A to B?  Is it an opportunity to run a workshop or maybe they want us to advise them on something.

My flying fingers could scarcely contain a feverish frisson of excitement as I dialed the digits.

It wasn’t the ICO. It was a company who to be truthful did identify themselves but did it so quickly that I missed it (but I have their number). Some gentle introductory questions about why we attended blah blah blah then they got to the main course. Who do we speak to in your company about encryption solutions? Head of Procurement? IT director?

I asked the obvious question and was told that they obtained my name and corporate details from the documentation given out at the recent DPO conference in Manchester. And to the obvious follow up question – yes they were ringing delegates to offer them Encryption solutions.

I ended the call using a well know technique and started wondering.  I wasn’t happy but had they breached any laws or regulations? DPA? Was it personal data? If it’s not personal then all the principle 6 rights disappear. Was it marketing?  A section 11 issue? That again specifies personal data.

Aha. They used the telephone. Isn’t that covered by PECR? And PECR is about subscribers not individuals. If we were registered with corporate TPS they’d be committing an offence wouldn’t they? Wouldn’t they?

What about the ICO? Should they have issued a list of delegates to all delegates? Was it not personal data but became personal data once it was worked on by another data controller? What schedule 2 condition applies to data collected at a conference and manipulated by the user to be used for marketing and selling.

I remember in the days when I spoke at conferences and the organisers would invite me to speak and they also invite me to email their flyer to all my colleagues in the sector. In those days it was routine to list email addresses of delegates in the conference documentation. Things have changed but dodgy practice still exists.

Did anyone else get this call? Were any offences committed?