-optimized.jpg){kind=avatar}
The data protection regulator the ICO has approved and published a first sector-owned code of conduct – The Association of British Investigators Ltd (ABI) UK GDPR code of conduct for Investigative and Litigation Support Services.
Under Article 40 of UK GDPR (which is still the law of the land despite Brexit), organisations may create codes of conduct that identify and address data protection issues that are important to their sector. This code, which investigators in the private sector can sign up to, will provide certainty and reassurance to those using their services, the regulator says – ensuring investigators are compliant with the UK GDPR requirements. This will assist investigators to navigate the challenges between conducting investigations whilst respecting peopleโs privacy rights, the regulator adds.
The data protection issues facing the private investigations sector are addressed within the code. For example, the roles and responsibilities of code members when acting as data controllers, joint controllers or processors, and when and how to complete a Data Protection Impact Assessment (DPIA). It also helps code members to identify and document the correct lawful basis for invisible processing – including covert surveillance, tracking devices, background checks and social media monitoring. Further guidance is also included, with examples, for lawfully tracing and locating people.
The owner of the code is the ABI, while – pending accreditation by the ICO – the SSAIB is looking to be the inspection body for those investigators who seek to show compliance with the code. As the code states, the ABI will review the code on an annual basis. The SSAIB also delivers certification of the BS102000/2018 standard, a British Standards code of practice for the provision of investigative services.
Emily Keaney, Deputy Commissioner for Regulatory Policy at the ICO said: โCodes of Conduct are an excellent way of helping organisations demonstrate data protection compliance and protecting peopleโs data rights, and we are delighted to have approved the first Code of Conduct under UK GDPR. They enable organisations to address and resolve any data protection challenges, whilst also providing transparency and regulatory certainty.
โWe hope that our approval of this code encourages other sectors to also recognise the benefits of developing their own codes of conduct, demonstrating best practice and accountability.โ
And Tony Imossi, the Secretariat of The ABI and author of the ABI Code of Conduct, said: โThe code exemplifies the ABI’s commitment to professional investigations, upholding the highest standards of integrity and confidentiality. This is crucial for ensuring trust and compliance with the data protection law.โ
For the free to access 99-page document, visit https://ico.org.uk/for-organisations/advice-and-services/codes-of-conduct/register-of-uk-gdpr-codes-of-conduct/the-association-of-british-investigators-limited-uk-gdpr-code-of-conduct-for-investigative-litigation-support-services/. Any queries, contact the ICO by email: [email protected].
