|Previous Section||Back to Table of Contents||Lords Hansard Home Page|
In a small local authority with few officers, a local authority officer has legitimate use of the full file but he proceeds to make use of the information in some private capacity. Can the Minister read out, or tell us, the words of the Data Protection Act which catch the offence of unauthorised use of authorised material?
Lord Mackay of Ardbrecknish: I do not have the Data Protection Act to hand, but I have made it clear that it covers the unauthorised use of information to which the person had authorised access. As I mentioned earlier, we have successfully prosecuted department staff under the Computer Misuse Act.
I was about to give the noble Baroness the reassurance that Clause 4 makes an offence the unlawful disclosure of personal data by local authority staff, auditors, and local government ombudsmen. Therefore, it makes an offence the unlawful disclosure of personal data by those people, including local authority staff mentioned by the noble Baroness.
To sum up, we believe that in addition to the tight internal controls we have, and what I believe will be the responsible way local authorities will deal with the three issues of access, use and disclosure--we shall be sending out a circular once the Bill receives Royal Assent drawing attention to the new offence in Clause 4--the legislation is in place which will allow the authorities to prosecute anyone who breaches the terms of the Act; that is, through unauthorised access, unauthorised use or unauthorised disclosure. In addition, we will certainly take disciplinary steps against such a person.
Lord Carter: I am sure that the Committee is extremely grateful to the Minister. Perhaps while I ask the Minister a question, advice will reach him on the Data Protection Act. We can see only the provisions which deal with disclosure. We can see nothing which deals with use. Perhaps advice about that will be forthcoming and we can be directed to the relevant part of the Data Protection Act.
If the amendment is incorrectly drafted it can be redrafted, or the Minister can bring back his own amendment if he is prepared to take the point. I am still not convinced, not about authorised access as part of a person's work--that is the proper access of information--but about the unauthorised use of such information. The Minister has not dealt with the concerns of the registrar, which I read to him. Perhaps I may again quote from her letter. It refers not to R. v Brown but to R. v. Victoria Parker, now Bignell. It was heard before Southwark Crown Court. In January, the registrar stated:
The Minister must deal with the issue. It is the job of the Data Protection Registrar to consider such issues. She has expressed real concern that there is a gap in protection and the amendment is intended to deal with that. However, the Minister appears to be saying that the department is entirely happy that there is no such gap. The Minister must say in terms on what grounds the registrar's argument is misconceived.
Perhaps I may give an example. It is not wholly appropriate, but it shows what can happen. I am not sure whether the Committee is aware that banks have what are called "related" or "connected" accounts. At a particular bank in the area where I live, I am involved with a number of accounts both personal and business. I introduced a co-director to that bank. When I ask the bank for a printout
I was surprised when I was handed such information, but it is standard procedure in this bank that all accounts which it calls "connected" or "related" are printed out together. Those balances are elicited every day so that the manager can look at them. That is an example of authorised use. I am not sure about disclosure and certainly not the use I might make of the information.
I hope that the Minister has taken on board the point that we are not talking about browsing. We are talking about someone who is authorised as part of his duty to obtain information about taxation, housing benefit, or whatever, who realises that it applies to someone he knows--it could be a former partner, for instance--and who then proceeds to use it.
Is the Minister really happy that that is the case? I know that he has said he is. I do not want to press the amendment to a Division but it relates to an important point. I wish to give the Minister an opportunity to discuss it following this stage of the Bill or to write to me. I hope that if he says he will write he will not merely repeat the argument because I am still not convinced. I do not believe that he has answered the concerns of the registrar.
Lord Mackay of Ardbrecknish: During our little discussion about right or wrong, I indicated that it is ultimately for the courts to decide how the law is interpreted in this dispute, if I may put it as strongly as that, between the Data Protection Registrar and the Secretary of State. We have relied on the Computer Misuse Act quite successfully. As regards the Data Protection Act, perhaps I may refer to Section 5(1) and (2), which creates the duty, and to subsection (3), which clearly applies the duties to the employee. It states:
Lord Carter: Just so that we are clear, the Minister was correct to refer to the case of Regina v. Brown which reached the House of Lords. As I said before, in that case the prosecution was overturned on appeal because it was deemed that a police officer who had accessed the Police National Computer to obtain personal information did not use the data. However, I would ask the Minister to comment on the other case that I mentioned. The Minister referred to that specifically. I do not have the details of that case but I presume that the context was different. This is the one about which the Data Protection Registrar said:
The Minister does not seem to have been briefed on that case. It may be better to return to this matter when the Minister has had the briefing. We may need to have a meeting or return to this matter at a later stage. I beg leave to withdraw the amendment.