The ICO (Information Commissioner’s Office) is encouraging private sector organisations to develop codes and mechanisms to achieve best practice and compliance in relation to data processing and handling.
Although ICO Code membership is voluntary, if a UK GDPR code of conduct is available – that is relevant to your data processing activities, you might consider signing up?
A Code Membership application for A.B.I members and other interested parties reached its penultimate stage with the public consultation meeting in London in September 2022.
Organisations approved by the ICO will begin appearing on the Information Commissioners web site from March 2023.
The “Carrot” that is being dangled is that Code membership compliance could, for the most part:
“Help you to address the type of processing you are doing and the related level of risk. An example is a code may contain more demanding requirements when it relates to processing of sensitive special category personal data;
The A.B.I are trying to convince us that their code will have unforeseen benefits. Code members could be granted special processing status in relation to fraud investigations, for instance. Well it’s a laudable proposition, but, even if ABI Code members are granted access to sensitive special category personal data, it will only be those select few already working within fraud sharing database organisations such as Cifas. There will be no “Trickle down.”
One of the systemic problems the A.B.I has is that its Code of Conduct for Investigative and Litigation support services does not meet the needs of the UK’s professional private investigator sector – it meets the needs of some of the A.B.I’s main sponsors – the Corporate members who already have BS102000 and Approved Contractor Schemes and, who, often maintain impressive and elaborate in house departments specifically designed to reassure their customers that their DPA / GDPR policies and procedures are at an optimum level – their competitive advantage when engaging in tendering processes.
The people towards the top of the A.B.I have an uneasy relationship with private investigators. They find the term to be “Toxic” and constantly try to portray anyone who is not a member of their organisation to be “Rogues.”
Non-ABI members are often alarmed by the “Cartel” like attitude of the ABI hierarchy and the amateurish and provocative posture they have taken around data breaches and issues around their inner circle. Its not encouraging that the self-same people could be managing the code for the ICO.
Data processing and handling is very straightforward and non-problematic for professional private investigators – rogues will be rogues and the ABI Code will not make a blind bit of difference to their practices and policies.
For the rest of us, the “Risk averse” culture enshrined in the ABI code “Rule book” forces private investigators to turn away perfectly viable work. Even the most basic processing task seems to default to “High Risk”
Appropriate due diligence around the data we safeguard, process and handle are a paramount requirement in an ever-litigious environment for Investigators in the UK’s private sector but the muddled and, one size “Fits all” (Proposed) ICO Code from the ABI is yet another vanity project that does not assist the very people it seeks to codify.