Feeds

Disclosure to private eyes sometimes legal, says privacy watchdog

Good news for mustachioed Ferrari drivers

Combat fraud and increase customer satisfaction

Organisations should not hand over employees' personal details to private investigators except in very limited circumstances, the Information Commissioner's Office (ICO) has warned.

The handing over of personal information is likely to be a breach of the Data Protection Act (DPA) in most cases but if some strict conditions are met, the exchange of information can sometimes be legal, the guidance said.

Private investigators are hired not only by insurers investigating fraud and by debt collectors, but also to trace missing friends or relatives or the beneficiaries of wills.

The ICO said that in most cases the (DPA) will prevent organisations from handing out details.

"[The Act] generally restricts disclosure of personal information to third parties unless an exemption applies," said its advice. "Customers and employees will usually have an expectation that their information will not be disclosed to third parties without good cause."

The ICO said that a danger was the 'blagging' of information, where people try to obtain personal information from organisations by deception. "[This] is part of an illegal trade in personal information as highlighted in the Information Commissioner’s 2006 report “What Price Privacy?”. A private investigator with a legitimate request will be open about their activity and will not need to resort to blagging," it said.

The ICO said that it was a principle of the DPA that people are told when their information is gathered how or when it will be disclosed.

"Disclosures to private investigators... are unlikely to be included in the information given to individuals and therefore these disclosures are unlikely to be in their reasonable expectations and may be unfair," it said. "However, the disclosure can still take place provided that there is no overriding duty of confidence in the particular circumstances, the purpose that the information will be used for is in the legitimate interests of the individual and will not prejudice them in any way and the organisation subsequently informs them of the unexpected disclosure."

The ICO said that there will be some rare circumstances in which organisations can pass on information, though.

"In some limited cases it may be possible to disclose personal information to a private investigator where an exemption does not apply," it said. "This will be where a disclosure to the investigator is in compliance with the good information handling principles contained in the Act and in particular it is fair and lawful and not incompatible with the purposes that the information were originally collected for."

The advice says that organisations are entitled, but not compelled, to give out information if the investigator is acting for people involved in litigation. "The organisation should subsequently inform the individual that their information has been disclosed to a private investigator for these purposes," it said. A similar exemption from the DPA exists with regard to the detection or prevention of crime.

The ICO said that organisations should always insist on written requests for information, should inform the person whose information is being asked for of the request and record all actions in relation to it.

The ICO also said that private detectives themselves should be careful not to disclose more information than is necessary to the organisation when making their request, that they hold personal information and must not unnecessarily disclose that.

SANS - Survey on application security programs

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
UK.gov chucks £28m at F1 tech for buses and diggers plan
Well, not really F1 but who's heard of LMP and VLN*?
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.