Page 161 - Deception at work all chapters EBook
P. 161
162 Deception at Work
to intercept communications transmissions on a private network without prior warning to
the potential users. It might, however, still be unlawful under section 1(3) and give rise to a
civil claim for damages. What, if anything, these might be will be determined on a case-by-
case basis but it should be emphasized that, in practice, neither the police or the Home Office
believe that a pre-warning is necessary. A decision chart summarizing the important aspects
of communications transmission is at Appendix 4.
Businesses and other sections of RIPA
No regulations have been issued for the business sector clarifying other sections of the Act
covering the use of call-logging data, surveillance, or human and semi-human intelligence
sources. Further regulations covering these areas is likely to coincide with the creation of the
Security Industry Board (to be established under the Private Industry Security Act 2001: see
www.hmso.gov.uk/acts/acts2001/20010012.htm) and goodness knows what will happen
then.
Public authorities have been overwhelmed with paper on the rules covering directed,
covert and intrusive surveillance, use of covert human intelligence sources, interference with
property and officers working undercover. (see www.homeoffice.gov.uk/ripa/). The point to
note is that everything is directed at public authorities and based on the principles of lawful
authority and proportionality.
Thus as matters now stand, business victims are able to access call-logging data, use covert,
directed intrusive and other forms of surveillance and human intelligence sources without
offending RIPA. The only restrictions are that the disclosure of call logging data obtained
from a public communications carrier must not contravene the Telecommunications Act
1984 (which it should not if the investigation of crime is concerned) and the Data Protection
Act, of which more later. Surveillance must not contravene the laws on trespass or the Preven-
tion from Harassment Act 1997. Also companies should consider their position on access to
encrypted data and keys (Part 3 of the Act). All of these matters should be covered in a fraud
policy (see page [xref]).
DATA PROTECTION ACT
This is another piece of legislation where liberal interpretation runs ahead of literal intent, and
oiks up and down the country are using its provisions as a cover for their own incompetence
or to build empires. The first thing to remember is that the Act only applies to personal data
processed on a computer or through a relevant filing system. It is not a privacy act, nor a ‘let’s
be nice to crooks’ act, despite what the chattering classes might wish. Thus even the collec-
tion and use of even the most personal information does not fall within the data protection
regime unless it is to be processed by a computer or retained in a ‘relevant filing system’: of
which more later.
