Section 184 of the Data Protection Act 2018 – ‘Enforced Subject Access’
Given the delays associated with disclosure of police crime & RTC (collision) reports and that some insurance companies are excluded from engaging the ABI/NPCC MoU, it is unsurprising, some insurers or their representatives have turned to the Data Protection Act. To date, 4 constabularies have resisted disclosure:
- Used a template letter to refuse Third-Party Subject Access (TP SAR) requests for information, a.k.a. ‘Right of Access’ (RoA) approaches, citing s.184.
- Citing s.184, considered a TPSAR approach ‘not in the spirit of the Act’
- Having received TPSAR requests from ‘others’ also cited the criminal offence, yet seemingly cannot identify these ‘others’.
- Has maintained that a TPSAR is unlawful
‘1’ & ‘2’ above issued apologies; they were wrong to cite s.184, to suggest the criminal offence had been committed. They continue to resist disclosure. ‘3’ & ‘4’ are the subject of further correspondence, though the ICO has reinforced previous findings, the Commissioner is satisfied no offence has been committed!
It appears odd that 4 separate constabularies, acting independently(?), have all reached for s.184, are all ignorant of the simple legislation which has just two constituent parts, a ‘two-part test‘ that the above 4 approaches failed to satisfy!
Demands for crime / RTC reports do not fall under Section 184 of the DPA 2018 – read more here.