In August 2024, West Mercia Police apparently responded to a request for information:
‘Please note, following a change in advice from the National Police Chiefs Council and the Information Commissioners Office, we are no longer able to provide you with third party details and therefore this information has been redacted from the enclosed report.‘
It appeared there had been advice received subsequent to that of 2023 relating to disclosures sought following a RTC, requests relating to s170 of the RTA 1988; the duty of driver to stop, report accident and give information or documents.
However, having sought further information it transpires W. Mercia police has advised their Traffic Process Unit as follows:
Sent: Friday, September 13, 2024
Subject: Sharing Limited Details and Police Reports
We have since received further clarification around what we can do.
Requests for Disclosure
Requests for disclosure relating to road traffic collisions are generally made by the insurers of the vehicles involved in the collision, or the party’s legal representatives and are requested for the purpose of reaching an early agreement as to who is at fault for the collision.
There are also situations where individuals make disclosure requests.
Disclosure Considerations
The information Commissioners Office (ICO) reminds the police of the questions that need to be considered when sharing personal data.
In short, we will continue to ask for the individual’s permission to share information however, should that not be forthcoming and we receive a request for exchange of details we can consider the below:
- Who is requesting this information?
- What information is being requested?
- Is sharing this information necessary?
- Do the Police alone hold this information?
- Are there alternatives to disclosure, which could also achieve the objectives?
- Is the sharing of the information proportionate?
- What impact will this disclosure have on others? i.e. who else might be impacted by this disclosure.
- Could there be an impact on others right of privacy?
Disclosure should be made on a case-by-case basis.
If we are satisfied that the request is to assist with civil litigation / prospective civil litigation, we can disclose, providing we record our considerations.
Disclosure Process
We can return to our previous working practices for sharing limited details, providing we can satisfy ourselves of the above disclosure considerations. In doing this we must complete the document for each case and save it in the electronic file. Completing the form will walk you through the decision-making process.
Our fallback position will be to only disclose to insurance/ solicitors wherever possible as this will mitigate a lot of the risk around disclosure.
It is accepted that there will be the odd occasion where individuals are representing themselves etc. Disclosure may be made but there still needs to be consideration as there is perhaps an increased risk when providing this information as it may not necessarily be used for the purposes of civil proceedings. In some cases, disclosure could give rise to harm to individuals whose personal data has been disclosed
Enabling section of the DPA – litigation or prospective litigation:
Information required to be disclosed by law etc or in connection with legal proceedings
5
(1) The listed GDPR provisions do not apply to personal data consisting of information that the controller is obliged by an enactment to make available to the public, to the extent that the application of those provisions would prevent the controller from complying with that obligation.
(2) The listed GDPR provisions do not apply to personal data where disclosure of the data is required by an enactment, a rule of law or an order of a court or tribunal, to the extent that the application of those provisions would prevent the controller from making the disclosure.
(3) The listed GDPR provisions do not apply to personal data where disclosure of the data
(a)is necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings),
(b)is necessary for the purpose of obtaining legal advice, or
(c)is otherwise necessary for the purposes of establishing, exercising or defending legal rights, to the extent that the application of those provisions would prevent the controller from making the disclosure.
ICO Guidance regarding enabling sections – ‘exemptions’
For organisations / Guide to Data Protection / Guide to the General Data Protection Regulation (GDPR)/ Exemptions