By virtue of the Data Protection Act 2018 (‘the Act’), the Information Commissioner’s Office (ICO) is enabled to impose and also prosecute offenders, both corporate and individual, guilty of breachingdata protection legislation.
The ICO is an independent authority that supervises privacy regulations in the United Kingdom. As well as investigating potential criminal offences, it can impose very significant fines for breaches of data regulations and oversees data protection.
John Veale of Kangs Solicitors sets out section 170 of the Act which specifically deals with the handling of personal data.
If you are, or anticipate, being investigated by the ICO in relation to any allegations of breach of any provisions of the Act, please feel free to call us for an initial no obligation confidential discussion:
The Section 170 Offence | Kangs Data Protection Offences Defence Solicitors
Section 170 of the Act states that it is an offence for a person knowingly or recklessly:
- To obtain or disclose personal data without the consent of the controller of the data.
- To procure the disclosure of personal data to another person without the consent of the controller, or
- After obtaining personal data, to retain it without the consent of the person who was the controller in relation to the personal data when it was obtained.
- It is an offence for a person to sell such obtained/disclosed/procured or retained personal data.
- It is an offence for a person to offer to sell such data, or data that has yet to be obtained disclosed/procured or retained.
The controller is the person who decides how/why to collect and use the data. The controller will thus usually be an organisation/company, but can be an individual as a sole trader.
Possible Defences | Kangs Data Protection Defence Solicitors
Section 170 of the Act also provides:
It can be a defence for a person charged with obtaining/disclosing/procuring or retaining data, if they can prove that their actions were:
- necessary to prevent or detect a crime.
- required or authorised by an enactment, rule of law or Court order.
- justified as being in the public interest.
- or that they had a reasonable belief that they had a legal right to so act.
- or that they had a reasonable belief the controller would have given their consent had the controller known of that person’s actions.
- or acted for the special purposes of publication by a person for journalistic, academic, artistic or literary reasons, and had reasonable belief that in the circumstances, such actions were justified as being the public interest.
Consequences of Conviction | Kangs ICO Investigations Solicitors
- An offence under Section 170 of the Act can be dealt with either by a Magistrates’ or Crown Court with the imposition of a fine, which, in the case of a company, may be calculated according to its financial turnover.
- Directors and others responsible for the control of companies and other organisations can also be prosecuted if shown to be, for example, in connivance with others or negligent in their duties in relation to such offences.
- A Court can order that documents and other material can be forfeited, destroyed or erased if they have been used in the processing of personal data or used in connection with the commission of the offence.
How Can We Help? | Kangs Criminal Defence Solicitors
If you are arrested or made subject to any investigation by the ICO, including any allegations involving Data Protection Offences, you should seek immediate expert legal advice and assistance to protect your interests as far as possible.
The team at Kangs Solicitors has a wealth of experience assisting clients facing allegations of Data Protection Act offences of every nature and if you require our help please do not hesitate to make contact through any of the following who will be pleased to hear from you: