The official version of this document can be found via the PDF button.
The below content has been automatically generated from the original PDF and some formatting may have been lost, therefore it should not be relied upon to extract citations or propose amendments.
1240/5(8069)
WRITTEN QUESTION TO H.M. ATTORNEY GENERAL BY DEPUTY M.R. HIGGINS OF ST. HELIER
ANSWER TO BE TABLED ON TUESDAY 21st JANUARY 2014
Question
- Would H.M. Attorney General clarify for members and the public at large the difference between a regulatory and a criminal breach of the Data Protection (Jersey) Law 2000?
- With regard to accessing sensitive personal information, could H.M. Attorney General advise whether a person who obtains such information by claiming to have the consent of the party whose information they are seeking to access through a third party, when they do not in fact have such consent, is committing a regulatory or criminal offence?
- Could H.M. Attorney General explain to members the interaction between the Data Protection Commissioner and the Law Officers' Department in the determination of criminal or regulatory breaches and the extent to which the Data Protection Commissioner has unfettered discretion to determine these issues?
Answer
- The Data Protection (Jersey) Law 2005 ("the 2005 Law") contains provisions where a regulatory breach (for example, a breach of one or more of the eight data protection principles) may result in the issue of an enforcement notice by the Office of the Data Protection Commissioner ("the ODPC"). It also contains provisions (for example, a failure of a data controller to register/notify (Articles 17 and 21) or the unlawful obtaining etc of personal data (Article 55)) where the act or omission in question may constitute a criminal offence. It is possible for an act or omission to constitute a regulatory breach, an offence or both.
- I make no comment in relation to any specific complaint each of which will depend on its own facts. However, the activity which has been described in outline has the potential – theoretically but subject to the specific facts of the matter - to result in enforcement action by the ODPC and/or a prosecution under Article 55 of the 2005 Law.
- Regulatory breach
The ODPC is both structurally and functionally independent of the Law Officers' Department ("LOD"). The ODPC is accordingly free to deal with any regulatory matter that falls within the ODPC's responsibilities under the Law. The ODPC may (but is not obliged to) seek legal advice from the LOD.
Potential Criminal Offence(s)
In the event of the ODPC identifying acts or omissions which indicate that an offence may have been committed, the ODPC will:
- pursue an investigation (as appropriate). There are occasions when the ODPC and the States of Jersey Police will consult with each other as to which of the two will take the lead in conducting an investigation and collating the evidence for referral to the LOD in respect of a decision to prosecute; and
- liaise with the LOD and the States of Jersey Police (as appropriate).
Any person with evidence that an offence may have been committed should refer the matter to the ODPC, and remains free to refer the matter to any other appropriate authority.