From a data protection perspective, it has been hard to keep up with recent events: every day has been more revealing than the previous day. A company’s powerful management has been humbled for invasions of privacy; worse could follow, if the allegation that the company "hacked" the families of 9/11 victims, is proven. No more will any manager be able to say “Privacy and data protection law: that is risk-free piffle!”.
The Home Affairs Select Committee Report published yesterday contains some trenchant criticism (that should be well known to readers of this blog). For instance, the Committee note that “section 2(7) of the Regulation of Investigatory Powers Act (RIPA) 2000 is particularly important and not enough attention has been paid to its significance”. This is the provision that the Metropolitan Police and the CPS overlooked when interpreting the extent of RIPA offences; they claimed that the offence only applied to unread emails (see references).
In general the Committee states that “the lack of a regulatory authority under the Regulation of Investigatory Powers Act has a number of serious consequences” adding that "the only avenue if anyone is suspected of unauthorised interception is to prosecute a criminal offence, which, as the Information Commissioner noted, is a high hurdle in terms of standard of proof as well as penalty”.
Because “the apparent increase of hacking in areas such as child custody battles and matrimonial disputes, and the consequential danger of either the police being swamped or the law becoming unenforceable” the Committee thinks “there is a strong argument for introducing a more flexible approach to the regime, with the intention of allowing victims easier recourse to redress”.
The Committee thus recommends that “the Government reviews how the Act must be amended to allow for a greater variety of penalties for offences of unlawful interception, including the option of providing for civil redress, whilst retaining the current penalty as a deterrent for serious breaches”.
The Committee also recommends the extension of the Information Commissioner’s remit to cover the provision of advice and support in relation to chapter 1 of the Regulation of Investigatory Powers Act. This is because “hacking” and “intercepting” are also data protection issues when personal data are involved.
The Committee is also “concerned about the number of Commissioners, each responsible for different aspects of privacy”. Consequently, the Committee “recommends that the government consider seriously appointing one overall Commissioner, with specialists leading on each separate area”. This is because “the regulatory regime that covers the use, disclosure and interception of communications related data is fragmented”. Hurray! The penny has finally dropped.
All the above recommendations re RIPA could easily be implemented by the Freedoms Bill currently before Parliament. If the Government mean what they say, then they have a vehicle to make the necessary legislative changes before the end of the year. So are the Government serious? We will get the answer to that question when Parliament reassembles in October.
Finally, the Appendix to the Committee’s report contains the detail of all the newspapers that used private investigators as identified from documents seized during Operation Motorman and published in the ICO reports “What Price Privacy?”. The police have already stated that they will review the ICO evidence and have added 15 more police officers to the inquiry. This change will inevitably mean that the “Hacking Inquiry” could well become also a "Blagging Inquiry" and if so, its reach with extend to the rest of the UK tabloids.
Given that the Murdoch Press Empire has been hauled over the coals, it is in their interests to ensure that other newspapers shoulder some of the blame. There is a prospect of a “dog eats dog” world with respect to newspaper stories about privacy violations in the coming year; so expect privacy and data protection to feature in the headlines.
Finally, today (Friday) is ISEB data protection/FOI exam day. This exam is not easy so good luck to all who are sitting it.
References
Home Affairs Select Committee Report (http://www.parliament.uk/business/committees/committees-a-z/commons-select/home-affairs-committee/news/110720-phone-hacking-report/).
For details of section 2(7) of RIPA, see http://amberhawk.typepad.com/amberhawk/news/page/2/
Advert:
We have timetabled our Audit, Privacy Impact Assessment, and RIPA courses for September 12th, 13th and 14th in London. From September we have DP/FOI courses in London, Edinburgh (DP only), Manchester and Leeds. Next Update is October 17th 2011 in London. Rosemary Jay will be analysing the data protection fallout of the hacking affair at the Update session. Full details on the Amberhawk main site (www.amberhawk.com).
A little-known paragraph in an explanatory memorandum reveals the Government is sticking to its guns, HASC report or not...
See paragraph 4.4 of http://www.legislation.gov.uk/uksi/2011/1340/pdfs/uksiem_20111340_en.pdf
Posted by: Bob Wyllie | 22/07/2011 at 09:17 AM
In relation to Operation Motorman and the comments of the Information Commissioner, could you clarify the position with respect to Section 77 of the Criminal Justice and Immigration Act 2008. It is my understanding that it is within the power of the Home Secretary to enforce more significant sanctions for breaches. Furthermore, such an order could be implemented through the negative resolution procedure.
According to the ICO, the 3 year delay in issuing such as order is down to the required consultation with those affected: specifically the media. Surely, recent events should bring such a review to a speedy conclusion with the result that custodial sentences can be applied.
Posted by: FishNChipPapers | 22/07/2011 at 09:56 AM