In our previous article entitled ‘Re-identification of De-identified Personal Data’, we explained the nature of the Information Commissioner’s Office (‘ICO’) and powers arising under the Data Protection Act 2018 (‘the Act’).
Our last article focused upon Section 171 of the Act and in this article, John Veale of Kangs Solicitors explains the offence created by Section 173 of the Act preventing the improper alteration of personal data to prevent disclosure.
If you are, or anticipate, being investigated by the ICO in relation to any allegations of breach of any provisions of the Act, please feel free to call us for an initial no obligation confidential discussion:
The ICO is an independent authority that regulates the collection and use of personal data in the United Kingdom. It takes its authority to do so from the Act. The Act sets out several criminal offences that deal with breaches of data protection legislation and gives the ICO the power to prosecute offenders.
The Act also provides the ICO powers to investigate and impose civil penalties on both individuals and companies. The potential penalties can be significant when corporations with sizeable financial turnover are found to be at fault.
The Section 173 Offence | Kangs Data Protection Offences Defence Solicitors
Section 173 of the Act.
Alteration etc of personal data to prevent disclosure to data subject.
- a request has been made in exercise of a data subject access right and
- the person making the request would have been entitled to receive information in response to that request,
- it is an offence for the controller, a person employed by the controller, an officer of the controller or a person subject to the controller’s direction,
- to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure of all or part of the information that the person making the request would have been entitled to receive.
The controller is the person who decides how/why to collect and use the data. The controller will thus usually be an organisation/company, but can be an individual as a sole trader.
This entitlement may be restricted in certain circumstances, for example, avoiding obstruction of a criminal investigation, national security or the protection other individual’s personal data).
Possible Defences | Kangs Data Protection Defence Solicitors
Section 173 of the Act also provides a possible defence for a person charged with an offence to prove that:
- the alteration, defacing, blocking, erasure, destruction or concealment of the information would have occurred in the absence of a request made in exercise of a data subject access right, or
- the person acted in the reasonable belief that the person making the request was not entitled to receive the information in response to the request.
Consequences of Conviction | Kangs ICO Investigations Solicitors
- An offence under Section 173 of the Act is dealt with by the Magistrates’ Court and conviction can result in the imposition of a fine, which, in the case of a company, may be calculated according to its financial turnover.
- Directors and others responsible for the control of companies and other organisations can also be prosecuted for offences committed in contravention of the Act, if they consented to or acted in connivance with the offending.
How Can We Help? | Kangs Criminal Defence Solicitors
If you are arrested or made subject to any investigation by the ICO, including any allegations involving Data Protection Offences, you should seek immediate expert legal advice and assistance to protect your interests as far as possible.
The team at Kangs Solicitors has a wealth of experience assisting clients facing allegations of Data Protection Act offences of every nature and if you require our help please do not hesitate to make contact through any of the following who will be pleased to hear from you: