Data privacy has always been an important issue in the field of Private Investigation. In many respects, the sole purpose of Private Investigation is the collection of various forms of personal data – whether that be movements and behaviours, or private financial information. It is a complicated area because, while the industry is technically unregulated, Private Investigators must still abide by the law of the land. This requirement is sometimes flouted by unscrupulous operators, making the adherence to data privacy legislation a significant factor for clients seeking to engage the services of a Private Investigation firm.
Despite its lack of industry-specific regulation, the Information Commissioner’s Office (ICO) does pursue legal action against those Private Investigators who fail to meet data privacy requirements, as set out in U.K legislation. The first such major sweep occurred in 2003, within the parameters of Operation Motorman – an investigation into the illegal use of private information by members of the British press. Most prominent among the cases highlighted by that operation were instances of unprofessional Private Investigators illegally obtaining the personal information of the families of murdered school children.
These types of cases, ironically headline-grabbing in nature, have brought the ethics of data privacy and Private Investigation into sharp relief within the public consciousness in recent years, and went some way to prompting the rigorous overhaul of data privacy legislation in both the U.K, and the European Union. This took the form of the EU General Data Protection Regulation (GDPR), and the UK Data Protection Act (DPA) – both of which were implemented in 2018. As members of the European Union, the U.K was required to adhere to both, including Private Investigation firms. The U.K is now post-Brexit, however, having left the European Union on 31st December 2020, so how does this impact the services and actions of Private Investigation firms?
Post-Brexit data protection
In terms of the data protection processes that are required, and the standards that should be met, very little has actually changed in real terms. While the EU GDPR ceased to apply to the U.K from 1st January 2021, it essentially became domestic legislation as the U.K GDPR, instead. To make the law apply more specifically to the U.K, some minor amendments were made which were mostly related to the terminology and names used. It is, however, broadly the same as the EU version. This U.K GDPR must now be observed in conjunction with the U.K DPA (2018).
In terms of businesses operating in the U.K with connections to the European Union, this means that there is a greater potential burden in terms of applicable legislation, since they must adhere to the U.K GDPR, THE U.K DPA, and the EU GDPR, where necessary. This includes Private Investigation firms, the activities of which may well often involve European territories. The variation in data protection law between the U.K and Europe must now be observed and adhered to in the same way as territorial differences elsewhere in the world are observed.
Specific impacts on Private Investigation
With this added burden of data protection legislation comes an increased need to ensure that the processing of personal data occurs in full alignment with legal requirements. For Private Investigators, that means proving, beyond a shadow of a doubt, that any personal data is obtained and processed for ‘legitimate’ purposes and is needed for ‘legitimate interest.’ The ‘legitimate interest’ term is key to Private Investigators obtaining and processing personal data, and is determined through a three-part situational test, known as the Legitimate Interests Assessment (LIA):
- Is there a legitimate purpose?
In the context of Private Investigation, a legitimate purpose is largely determined by the reason for obtaining and processing the data, and whether the use of the data is legal and ethical.
- Is it necessary?
In the context of Private Investigation, the necessity of obtaining the data is largely determined by the method of collection. If the purpose is legitimate, is there a less invasive way of collecting data to achieve the same objective? For example, is it possible to determine the residential address of an individual without the use of covert surveillance?
- Are the interests of all parties balanced?
In selecting methods of data collection, Private Investigators must balance the interest of all parties, meaning that operatives must determine whether the legitimate interest is overridden by the interests of the data subject. Are the interests of the investigation target likely to suffer irreparable harm by either the collection of personal information, or the method by which that information is collected? Is any harm likely to be suffered outweighed by the legitimate interests of processing the personal data in question?
While the undertaking of the Legitimate Interests Assessment requires meticulous documentation and record-keeping, the process itself relies heavily on the professional judgement of the Private Investigators doing the work. This is where the lack of industry regulation becomes an important, related issue, and is why there are periodic official reviews and investigations into the conduct of such organisations with regards to the processing of personal information.
Data protection conduct
The hiring of a Private Investigator is a big decision that can have far-reaching consequences, and data processing conduct is an important factor in making that choice. This is because the lack of governmental regulation in the Private Investigation industry makes the data protection conduct of any Private Investigation firm a clear indicator as to its level of professionalism, and its priorities in terms of client need. An unethical Private Investigation firm will put profit before people, and often engage in activity that either skirts the law too closely, or breaches it entirely. In other words, data protection conduct is an effective litmus test for the suitability of a Private Investigation firm.
For this reason, it is still important to ask questions about data protection when first approaching Private Investigators with a view to engaging their services – even in post-Brexit U.K. It is vital that the organisation answer queries about their approach to the Legitimate Interest Assessment to your satisfaction. This protects you in the event of a third party raising data protection allegations as a result of your instructions to the Private Investigator, and also protects you in terms of hiring investigative professionals to deal with your case in a sensitive, respectful manner; in a way that provides you with value for money. This applies whether your case revolves around suspicions of infidelity, or a need for event or close security, because the protection of personal and private information should always be prioritised.
Making the right choice
Just as it is the business of Private Investigators to gather information, it must be your business as a prospective client to collect enough information about a Private Investigation firm to build a clear picture of their data protection conduct. This may be through learning about the experience of previous clients, through the firm’s own documented policies and procedures, and through the U.K Information Commissioner’s Office in London. As the nation’s independent authority for data privacy, the ICO works to uphold data rights within the realm of the public interest, promotes transparency of practice by public organisations, and protects data privacy for individual citizens.
Private Investigation firms which operate in ethical and legal ways can be identified through their accreditations. The Information Commissioner’s Office awards certifications to Private Investigation firms that consistently meet data protection requirements and prioritise the legitimate and current processing of personal and private information. Similarly, the Association of British Investigators, the Institute of Professional Investigators, and the Professional Investigators Network, among others, award membership and accreditations to Private Investigation firms that uphold high professional standards, including in the area of data protection.
OpSec Solutions holds certifications and accreditations from these professional national bodies, including the Information Commissioner’s Office. This provides a guarantee that OpSec Solutions personnel use only legal methods of information gathering, including conducting covert surveillance within ethical parameters. By following this ethical code – refusing to tamper with evidence, or engage in illegal activity such as hacking phones, committing trespassing, or accessing restricted information – ensures that all evidence collected is actionable and admissible in court. Your case, and your interests, are therefore protected.
This approach is only possible because OpSec Solutions recruits highly qualified operatives from military, law enforcement, and corporate backgrounds. Building teams in this way means OpSec Solutions ensures that high levels of professional experience are brought to bear on your case, with all the confidentiality and discretion you would expect from such personnel. Your investigation will remain entirely covert, and on the right side of the law.
So, while the task of hiring a Private Investigation firm may feel even more daunting in this post-Brexit Britain, clients can rest assured that their personal and private information remains protected – provided the Private Investigation firm selected is accredited by organisations that require high standards of professionalism and stringent data protection processes. OpSec Solutions is one such accredited Private Investigation firm and is ready to provide you with a free consultation on the details of your case.