There are a number of criminal offences which are set down in the Data Protection Act 1998. If you find yourself being prosecuted for any of the following, get in touch with the regulatory investigations team at Richard Nelson LLP. We will provide any advice and representation that may be necessary to reach a favourable conclusion to your case.
The main offences are as follows:
Unlawful obtaining, disclosing or procuring of personal data
S55 Data Protection Act 1998
This relates to the unlawful obtaining or disclosure of personal data.
The risks of becoming held responsible for, being exposed to or being affected by unauthorised breaches are becoming ever more apparent in the digital age in which we all live and work. Nearly every week, the media reports on a data breach where personal data has been accessed and obtained without consent. No person or business is immune to the risk of being affected.
Laws are in place to protect the personal data and ensure that it is being held securely. The main offence is governed by s55 Data Protection Act 1998 which makes it illegal to knowingly or recklessly obtain, disclose or procure the disclosure of personal data without consent, or to sell or offer to sell personal data which has been unlawfully obtained, disclosed or procured.
There are a number of statutory defences available that mean that a person is not guilty of the offence if it can be demonstrated that:
- It was necessary to obtain, disclose or procure the data for the purpose of preventing crime;
- The obtaining, disclosing or procuring was required or authorised by or under any enactment, by any rule of law or by the order of a court;
- They acted in the reasonable belief that they had in law the right to obtain or disclose the data or information or, as the case may be, to procure the disclosure of the information to the other person; or
- That in the particular circumstances the obtaining, disclosing or procuring was justified as being in the public interest.
Processing personal data without registration
S17 Data Protection Act 1998
Any person or business which records the personal data of others is required by statute to be registered with the ICO (a small fee is payable). This data could come from any source, such as the use of CCTV on premises to website enquiry forms requiring personal contact information.
Such information constitutes personal data and s17 of the Data Protection Act 1998 makes it an offence to process this information without registration. Personal data must not be processed unless an entry in respect of the data controller is included in the register maintained by the Commissioner.
The defence of Due Diligence is available to this offence, which means that if it can be illustrated that a person or business has taken all reasonable steps to comply with the law, then it can mean that the party is not guilty of an offence
What can the ICO do in response to a breach?
If the ICO feels that data has been breached by unlawful behaviour which is caught by s55 or s17, then it can start an investigation which may lead to a prosecution before the courts. It has the power to investigate breaches either from complaints it receives from the public or on its own volition.
The ICO can apply for a search warrant to search premises to identify what data any individual or business holds. It also has the power to interview individuals or company officials under caution with a view to considering prosecuting breaches before the courts.
If taken to court, the matter will commence in the Magistrates Court but more serious breaches, given the volume or nature of the breach, are transferred to the Crown Court where fines of several thousand pounds can be issued.
It is therefore vital that anybody who comes to the attention of the ICO regarding alleged breaches of personal data receives expert legal advice from the outset. Richard Nelson LLP has experienced lawyers who can assist you. If you require assistance of this nature, please contact us today.
Get in touch
For more information about the services we can provide and about how we can help you and your business, contact us.
What we do...
Richard Nelson LLP’s data protection solicitors are able to help individuals and businesses being investigated for various different Data Protection Act breaches. Our main services include:
Breach of S17 of the Data Protection Act 1998
Breach of S55 of the Data Protection Act 1998