Author: Adrian Ramdat BA Ed, PGCE – Specialist Trainer
Jun 2022
In the past, investigators could focus on the various aspects of an investigation and to a great extent deal with them in a vacuum. However, around 2016 this started to change as the covert aspect of investigations conducted under RIPA (or in Scotland RIPSA) started to be the subject of comments re managing the material obtained in accordance with UKGDPR to ensure data protection compliance.
It is fair to say that it took a while for this get traction and in 2018 the various Codes of Practice were updated around ‘product’ management and direct links were drawn to the data protection principles. There was also specific mention of disclosure under the Criminal Procedures & Investigations Act making it unequivocal that any product obtained covertly from surveillance or the use of a Covert Human Intelligence Source (CHIS) was subject to the disclosure regime.
It is fair to say that a number of investigators haven’t kept up to date with this progression and how this applies to all investigations, not just covert investigations and as result there has been a commentary about the police seizing the phones and devices of victims of rape where there was no investigative need to do so.
Just last week, the Information Commissioner (ICO) has released a report called ‘Who’s Under Investigation?’ This report examines the process of the police seizing devices and obtaining third party material, such as medical records etc, when there is no reasonable line of enquiry that requires it.
The report made it clear that there have a been a number of cases where victims’ devices were seized and examined when there was no need. As we all know our devices contain private information and, in some cases, truly sensitive or intimate material which may have no relevance to an investigation but by viewing this material and it unnecessarily becoming part of the investigation the victims felt they were being treated as suspects and this caused further trauma, when they were already dealing with significant trauma from the events that led them to reporting a sexual crime to the police. Sadly, it also stated that investigators were asking victims to sign disclaimers so their devices could be accessed, again where there was no need.
The underlying research for this report identified ‘…a lack of clarity in understanding the rules set out in data protection law which are required for sharing victims’ information fairly and lawfully.’
This is a sad indictment that investigators are being told they are potentially acting unlawfully and as a result if they continue to seize devices where there is no lawful basis and no investigative need then the organisation may be served with an enforcement notice and ultimately a fine.
All investigators in all organisations need to conduct their investigations in accordance with the relevant laws and investigators can no longer ignore disclosure or data protection, whether wilfully or through lack of knowledge. This can sometimes be easier said that done and the nature of complex investigations particularly where there is little if any defence engagement makes it difficult, on occasions, to identify if the line of enquiry is reasonable.
Helpfully, the ICO report includes two checklists, one regarding the potential seizing of victim’s devices and the other for obtaining third party material. I would strongly suggest that all investigators keep these close to hand and make use of them and importantly record their decision-making process.
In the final analysis, if any investigators feel they don’t have sufficient knowledge of the data protection legislation and principles, or their knowledge of disclosure is not where is should be then don’t worry, we can help as we offer courses on these subjects and how they impact upon ALL investigations. We know it’s a hard job and under constant scrutiny so if there is any concern of gaps in your knowledge contact us now and we will gladly help.