Out-Law News | 09 Sep 2013 | 5:14 pm | 2 min. read
Information Commissioner Christopher Graham warned publication of a list of the 98 businesses and individuals by the Committee could hinder its investigation into whether those listed have committed criminal offences under the Data Protection Act (DPA).
The ICO launched its investigation into so-called 'blue chip' hacking after being handed material late last month from the Serious Organised Crime Agency (SOCA), which the agency had obtained in a previous operation it had run.
The Home Affairs Select Committee has raised concern about the time it has taken SOCA to share details from 'Operation Millipede' with regulators. Operation Millipede ran from 2008 and concluded last year with the criminal prosecution of four private investigators for data blagging offences under the Fraud Act.
The Committee has criticised SOCA for not publishing the names of the companies and individuals that were listed on material obtained during Operation Millipede and who are thought to be clients of the convicted private investigators.
However, last month SOCA's director general Trevor Pearce said that the agency had, at that stage, kept the information secret from the ICO in order not to prejudice Operation Millipede and, when that ended, an overlapping and still ongoing Metropolitan Police Service (MPS) operation, 'Tuleta', into "criminal acts that intrude on individual privacy for journalistic purposes".
SOCA shared a list of most of the names contained on a list compiled by the agency of the alleged clients with the Home Affairs Select Committee but only under a protective marking. The Committee's chairman Keith Vaz MP has, though, threatened to make the names public after stating that he had received legal advice on the matter.
However, the Information Commissioner has urged the Committee not to disclose the names of those on the list.
"It now falls to us to conduct a thorough and efficient investigation with a view to bringing criminal prosecutions where appropriate and taking other civil enforcement action," Christopher Graham said in an ICO blog. "It’s important that’s a transparent process ... but that transparency shouldn’t get in the way of the investigation. It’s not clever to start a criminal investigation by publishing the names of everyone and everything you’re investigating. That’s why we’ve stated we’re not publishing the list at this stage, and why I’ve written to Keith Vaz MP to urge similar patience on the part of his Select Committee."
"Nor is it fair that the first time the individuals named on the list learn of their inclusion is when their identities are revealed by a committee of MPs," he added. "We have to start from the central principle of British justice that some of the 98 may not have broken any law. The criminal offence associated with ‘unauthorised disclosure’ of personal information depends on the prosecution establishing that the clients knew that the information they were seeking would be, or could only be, obtained by unlawful means. That will be central to the ICO’s investigation."
Graham said that data blagging could undermine reforms to public services and re-iterated calls for the Government to introduce stiffer penalties for those guilty of such offences under the Data Protection Act.
"If MPs really want to do something to stop the blagging they should demand that ministers stop shilly shallying and implement the tougher penalties that recognise the blagging problem for the scourge that it is," he said.