A key factor in any private investigation is information and data. This is vitally important if you are looking for court admissible evidence to support any legal claim. With the introduction of General Data Protection Regulation (GDPR) in Europe, it is more important than ever for private investigators to make sure they adhere to current rules and stay compliant with all UK law. The current legislation that applies to private investigators are the U.K Data Protection Act, the EU General Data Protection Regulation, and the U.K General Data Protection Regulation.
What is GDPR?
GDPR is an EU law, implemented in 2018, to improve data protection and privacy across the European Union and European Economic Area. The regulations include how to correctly process and store personal data and how that data may be used by businesses.
In the UK it is overseen by the Information Commissioner’s Office.
What is the International Commissioner’s Office?
The Information Commissioner’s Office (ICO) is an independent authority in the UK, set up to protect the public’s information rights to data protection and privacy.
It is a data protection enforcement agency that oversees all businesses, with particular importance for private investigative firms as the private investigation industry is currently unregulated and is often a target for prosecution for poor data handling.
Private Investigative firms and data protection
When taking on an investigation from a client, Private Investigators are bound by the rules of the Data Protection Act and GDPR as enforced by the Information Commissioner’s Office. This ensures that any private information and data gathered by Private Investigators and the processing of said data, happens in accordance with the law that provides a reasonable expectation of privacy. The legality here is determined by the ‘Legitimate Interests Assessment’ (LIA) which asks three basic questions about the collection of the personal data: Is there a legitimate purpose for gathering the information? Is it necessary? Are the interests of all parties balanced? A good private investigative firm or investigator will understand these nuances and be able to weigh up the interest of the client and purpose of the investigation against this.
This means that private investigators must be able to show that the collection of this data is the only available option and the subject of the information gathering will suffer no harm through use of the data. During the course of any investigation, this process must be fully documented at every stage to protect all the parties involved.
Part of any investigation is the collection of data and evidence. For any kind of evidence to be admissible in court, it must have been gathered legally. This means that the private investigator and the client that hired them must be able to prove that the evidence was collected through legal and ethical means and is being stored in a correct manner. Before hiring a private investigator, it is best to make sure of the following:
- The private investigator or firm must have the correct processes in place to collect and store personal information, data and anything that may be used as evidence in any legal recourse.
- The private investigator or firm must have the proper protections and encryption in place for the information they hold.
- The gathering of data without personal consent is done with good reason and within the parameters of the law.
- Every private investigator or firm must have a process in place to handle any data subject access requests.
This approach applies to all forms of data collection, including surveillance. Surveillance is often a key part of any private investigation, therefore it is important to note how and when surveillance for data gathering purposes is allowed within the law. As privacy forms a large part of the current legislation, not only do private investigators have to make sure they are correctly applying LIA to a job, but their surveillance falls under the “reasonable use” caveat. This ensures that the general public still have a right to privacy whilst allowing private investigators to collect and retain the information or evidence needed. We have listed below the most common legal surveillance techniques that comply with the data protection regulations:
- GPS Vehicle Tracking: Private investigators are legally allowed to track vehicles using GPS if the owner of a vehicle, or fleet of vehicles, has consented to the tracking of those vehicles using state-of-the-art GPS technology. This allows Private Investigators to gather data and evidence in cases of suspected vehicle misuse, moonlighting, and corporate sabotage.
- Surveillance: Private investigators can covertly monitor and follow a person of interest or vehicle as long as they do so from public property. They are also allowed to take photographic evidence of any wrongdoing as long as they have the correct storage processes in place.
- Background Checks: With social media ever more prevalent, history and background checks are often key sources of information for private investigators. They can access public and business records as well as private databases they have permission for. Any data collected must be securely protected from theft or improper disclosure.
- Counter Surveillance: If you believe you are being targeted, either personally or professionally, private investigators are allowed to use counter surveillance techniques and technologies such as blockers and electronic sweeps.
- Monitoring: Private investigators can monitor activity on a workplace computer network or work phone system when authorised by the owner/company.
- Technological forensics: Under certain circumstances, private investigators can carry out mobile phone and computer forensics to recover deleted information.
As any information or evidence can only be used if it has been obtained legally and in accordance with data protection laws, it is vitally important for you to put your trust in a private detective or private investigation firm that can get you the results you want in a legal and ethical manner, whilst conducting themselves and their operation with the highest of standards in order to produce quality, effective results. This is best practice throughout private, personal, corporate, or commercial investigations.
OpSec Solutions is ICO registered as a data controller, meaning you can trust us to handle your personal data responsibly and maintain complete confidentiality. We complete all work legally, confidentially and in full compliance with GDPR. We have accreditation and membership from some of the industry’s leading bodies, so you have peace of mind that any private investigative services are carried out ethically, legally and with full confidentiality.
With regard to data protection and privacy, OpSec Solutions work on the basis of the following principle: We treat information with which we are entrusted during the course of any investigation with respect and access or disclose it only for the purposes for which it is intended; attending to all instructions within the principles of the prevailing privacy legislation and in particular if controlling personal data has to be notified with the Information Commissioner.
At OpSec Solutions, we understand what it takes to get to the bottom of your case and provide you with the evidence you need. With experience, training, and skills on our side, we are highly respected within the industry, with the accreditations to prove just that. If you have any questions about the code of ethics we follow, your data or how we conduct investigations whilst staying compliant with all current data protection laws, we are always happy to talk. Give our team a call on 0844 6641125 to arrange a free consultation.