Section 56 Enforced Subject Access: Worth the wait? Jonathan Bamford Head of Strategic Liaison Information Commissioner s Office



Similar documents
Enforced subject access (section 56)

Who benefits from the Rehabilitation of Offenders Act and how?

Tenants and Leaseholders Home Contents Insurance Scheme Application Form

THIS GUIDANCE APPLIES FROM 10 MARCH 2014

Staff DBS Checks and Employing Exoffenders:

Modern Slavery Act 2015

Underwritten by. Home Contents Insurance Application Form

Victims Compensation Regulation 1997

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison

Criminal appeals. Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015

Identity Cards Act 2006

Offender Rehabilitation Act 2014

Advice to Applicants to HM Armed Forces

Police National Computer (PNC) Page 1 of 20 Guidance Police National Computer (PNC) version 5.0 Valid from 23 January 2014

Increasing the Magistrates Court fine limit Equality Impact Assessment

home contents insurance A special service for tenants of Bristol City Council

Advice to Applicants to HM Armed Forces

DESCRIPTION OF THE MEDICINES FOR HUMAN USE (CLINICAL TRIALS) REGULATIONS 2004

Sanction Policy: In respect of fraudulent Social Security Benefit Claims. The Department for Work and Pensions

DATA AND PAYMENT SECURITY PART 1

Psychoactive Substances Act 2016

Please indicate the register in which you wish to be included: First name(s) Surname Title. Country (if not UK)

Transfers home for prisoners abroad

ESSENTIAL ACCIDENT & FATALITY STRATEGY

Impact Assessment (IA)

Guidance on political campaigning

Application for a Scrap Metal Licence

Assess the purpose of the Criminal Justice System and the role of the Ministry of Justice.

Timing: between 45 minutes and 75 minutes depending on options chosen.

Information Commissioner s Office. ICO response to the discussion paper on the Rehabilitation of Offenders Act 1974

How do I apply to vote by post?

The Legal Aid, Sentencing and Punishment of Offenders Act (LASPO) Evidence Requirements for Private Family Law Matters

CAYMAN ISLANDS. Supplement No. 1 published with Gazette No. 22 of 22nd October, MUTUAL FUNDS LAW (2012 REVISION)

FROM CHARGE TO TRIAL: A GUIDE TO CRIMINAL PROCEEDINGS

Rehabilitation of. Offenders Act 1974

Contents. Introduction. How to report a fraud. What happens when you report a fraud? The investigation process

PART 37 TRIAL AND SENTENCE IN A MAGISTRATES COURT

Memorandum of Understanding between the Competition and Markets Authority and the Crown Office and Procurator Fiscal Service.

Criminal Justice and Immigration Act 2008

2013 No REHABILITATION OF OFFENDERS, ENGLAND AND WALES

2015 No FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Finance Platforms) Regulations 2015

2013 No. 233 ENVIRONMENTAL PROTECTION. The Timber and Timber Products (Placing on the Market) Regulations 2013

How long do I have to disclose my criminal record for? unlock.org.uk. A brief guide (updated in 2014) to the Rehabilitation of Offenders Act 1974.

Impact Assessment (IA)

Model Spent Convictions Bill - Consultation paper

REHABILITATION OF OFFENDERS (Criminal Procedure and Evidence Act 2011) GUIDANCE NOTE

Guide to Criminal procedure

Council Tax Reduction Anti-Fraud Policy

Victims of Crime. information leaflet. Working together for a safer Scotland

Mesothelioma Act 2014

Quick House Sales. Market Study Annexe A: What are the main laws that may apply to quick house sales? August 2013 OFT1499A

Criminal Justice and Courts Bill

Enterprise Insurance Services (Swansea) Limited Per Click Proposal Form Domestic Energy Assessors Insurance

Supplement No. 5 published with Gazette No. 15 of 20th July, MUTUAL FUNDS LAW. (2009 Revision)

The Criminal Procedure Rules October 2015 PART 9 ALLOCATION AND SENDING FOR TRIAL

ROAD RISKS PROPOSAL FORM

MANCHESTER CITY COUNCIL REPORT FOR INFORMATION. The work of the Criminal Justice System

2 Where can I find information about how the rehabilitation rules work? 3 What am I required to tell a new employer about my old convictions?

Information for registrants. What happens if a concern is raised about me?

Criminal Justice Act 2003

Insolvent Company Investigations. What we do

COMMERCIAL INSURANCE PROPOSAL FORM COVER DESIGNED FOR YOUR BUSINESS

GETTING INVOLVED? Occasional Helper (OH) Form (England and Wales) scouts.org.uk/appointment D D M M Y Y M F D D M M Y Y

Application for a licence to operate private hire vehicles

Crimes (Computer Hacking)

Subject access code of practice

ATTORNEY GENERAL S GUIDELINES ON PLEA DISCUSSIONS IN CASES OF SERIOUS OR COMPLEX FRAUD

CALDERDALE METROPOLITAN BOROUGH COUNCIL

The Code. for Crown Prosecutors

The board of directors of a company is primarily responsible for:

Enforcement Policy Statement

Protection of Freedoms Bill

Data protection for commissioners

# Magistrates' Courts Rules (Northern Ireland) 1984

Abusive Behaviour and Sexual Harm (Scotland) Bill [AS AMENDED AT STAGE 2]

Application form for childminders and providers of childcare on domestic premises to seek approval to operate from non-domestic premises

2003 No. 357 INSOLVENCY. The Insolvent Companies (Reports on Conduct of Directors) Rules (Northern Ireland) 2003 STATUTORY RULES OF NORTHERN IRELAND

Freedom of Information Act 2000

Company Investigations What we do.

Queensland CORRECTIVE SERVICES AMENDMENT ACT 2003

the parties may request a review of the provisions of this MoU.

Private Residents Association. Private Road. Public Liability Insurance. Prospectus and Proposal Form IN ASSOCIATION WITH

Information for witnesses going to court

Fit and proper person form

Employers Liability (Compulsory Insurance) Act 1969

Immigration, Asylum and Nationality Act 2006

Application form. Dental Care Professionals and Practice Managers

SEXUAL OFFENCES PREVENTION ORDERS.

Employers Liability Insurance

Disclosable under FOIA 2000: Yes Author: T/CI Nick Barker Force / Organisation: BTP Date Created: May 2009 Telephone:

CRIMINAL JUSTICE (SCOTLAND) BILL AMENDMENTS TO BE LODGED AT STAGE 2

The support you should get if you are a victim of crime

An employer s guide to the administration of the civil penalty scheme

Criminal Justice and Courts Act 2015

Rehabilitation of Offenders Act 1974

Data Breach Trends October 2015

The Victims Code: Young victims of crime: Understanding the support you should get

Interception of Communications Code of Practice. Pursuant to section 71 of the Regulation of Investigatory Powers Act 2000

The Government propose to take a zero tolerance approach to the following 8 controlled drugs which are known to impair driving:

BAILIWICK OF GUERNSEY DATA PROTECTION

Transcription:

Section 56 Enforced Subject Access: Worth the wait? Jonathan Bamford Head of Strategic Liaison Information Commissioner s Office

Section 56: Key points MoJ commitment to bring into force on the 1 December 2014 but slippage https://www.justice.gov.uk/information-access-rights/data-protection Creates a new criminal offence under the DPA. Triable in either a magistrates or a crown court. Punishable by way of an unlimited fine in England and Wales (different maximums apply in Scotland and Northern Ireland)

Section 56(1): What does the Act say? Section 56(1) A person must not, in connection with (a) The recruitment of another person as an employee, (b) The continued employment of another person, or (c) Any contract for the provision of any services to him by another person, require that other person or a third party to supply him with a relevant record or to produce a relevant record to him.

Section 56(2): What does the Act say? Section 56(2): A person concerned with the provision (for payment or not) of goods, facilities or services to the public or a section of the public must not, as a condition of providing or offering to provide any goods facilities or services to another person, require that other person or a third party to supply him with a relevant record or provide a relevant record to him.

Section 56: Scope of the offences Section 56(1): Section 56(1)(a) and (b) cover circumstances related to the recruitment or continued employment of employees. Employee is defined in section 56(10) and includes anyone who works under a contract of employment or holds any office. Section 56(1)(c) covers contracts for the provision of goods, facilities or services to the data controller by another person. The requirement must be made in connection with any of these matters This makes this section broad in scope.

Section 56: Scope of the offences Section 56(2) Section 56(2) covers the provision of goods, facilities or services by a person to the public or a section of the public. The person imposing the requirement must be concerned with the provision of the goods, facilities or services in question. Goods facilities and services is not defined in the DPA, so should be given its natural meaning. Goods will typically refer to the provision of tangible products, facilities and services cover the provision of things such as overdrafts (facilities) or insurance (service). 56(2) is narrower than 56(1) The requirement must be imposed as a condition of providing or offering to provide the goods, facilities or services.

Section 56: Other key terms Relevant record: Defined in section 56(6) as being any record which: Has been or is to be obtained from specified data controllers by a data subject by way of a subject access request and Contains information relating to any specified matter in relation to that data controller (including a statement that no personal data relating to that matter is being processed (s.56(9)) Includes a copy of such a record or part of such a record BUT does NOT include any record to the extent that it relates only to category (e) personal data. (Section 56(6A))

Section 56: Other key terms Require Important term as it is the imposition of a requirement which is the offence. Require has a variety of natural meanings, including to make compulsory or to make necessary. We take a wide view of what would constitute a requirement to cover: Any circumstance where the data subject is given no choice but to make a subject access request. (make a SAR or else ) It can also cover circumstances where a data subject is asked or invited to make a SAR. The consequences to the individual of not making a SAR, be they actual, likely or perceived, will be an important consideration in determining the existence of a requirement.

Section 56: Defences Section 56(3) provides for two defences: Where the imposition of the requirement was required or authorised by or under any enactment, by any rule of law or by order of a court, or In the particular circumstances the imposition of the requirement was justified as being in the public interest. BUT The imposition will not be in the public interest simply because it would assist with the prevention or detection of crime (section 56(4)).

Section 56 Case Studies: Richard is applying to work at a well known toy store. On the application form it asks him to declare if he has any convictions or cautions. Beneath this, it asks if he would be prepared to make a request for a copy of his Police National Computer (PNC) record and provide them with the results. It has a tick box for yes and a tick box for no. Richard has no criminal convictions or cautions and so ticks yes. Is this an enforced subject access? The information requested would be a relevant record as it is information about Richard s convictions/cautions (even though no information is held) and it is to be obtained by Richard making a SAR. The likely effect of Richard ticking no is that his application will not be processed In effect he has no real option but to tick yes. This is sufficient for it to be a requirement. The requirement is made in connection with the recruitment of Richard as an employee This would be an offence under section 56(1)(a).

Section 56: Case Studies Jonathan is making a claim on his home insurance. After he submits his claim, his insurance company contacts him and asks him to obtain a copy of his PNC record. They advise him that failing to do so may result in him receiving a reduced pay-out and may adversely affect his premiums next year. Is this enforced subject access? The insurance company is concerned with the provision of services to the public. The information to be obtained is a relevant record to be obtained by Jonathan in response to a SAR. If Jonathan does not make the SAR he faces the prospect of a lower pay-out and/or higher premiums This would be sufficient for there to be a requirement. BUT Jonathan will be insured regardless of whether he makes the SAR or not. The provision of the service is not conditional on the SAR being made. This would not be an offence.

Section 56: Case Studies Jenny has applied to a local housing association in order to get a property. Prior to accepting her application, the housing association asks Jenny to obtain a copy of her prison record and records of her national insurance contributions. Is this enforced subject access? The information requested is a relevant record The table includes information relevant to social security contributions and prison records. It is to be obtained by Jenny in response to a SAR. Jenny is not being offered a choice in this case although even if she were given the option of saying no, it is likely then that her application would be refused. This is a requirement. The housing association are concerned with the provision of goods, facilities and services to the public. Her ability to get housing from the association is dependent on her making the SAR The requirement is a condition of the provision of service/facility.

Section 56: Enforced Subject Access Section 56 will come into force soon and will make it an offence to require an individual to make a subject access request for certain information, such as their criminal convictions. The ICO takes a wide view of what constitutes a requirement. In most cases it will be the circumstances in which the potential requirement was imposed, as well as the likely or actual impact on the individual of not making the request, which will determine whether a requirement actually exists or not. The offence is triable either way and is punishable by way of an unlimited fine in England and Wales. For more information, see our detailed guidance on our website: http://ico.org.uk/for_organisations/data_protection/subject_access_requests/ Enforced-SAR

Keep in touch Subscribe to our e-newsletter at www.ico.org.uk or find us on /iconews @iconews

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information