The Data Protection Act 1998 and the fraud investigator

While all fraud investigators are aware that the Data Protection Act 1998 came into force on 1 March this year, what is less well known or understood is the impact that it will have on their role. In many instances it may be too early to tell how the specific provisions of the Act will be interpreted by the Data Protection Commissioner or the courts. However, it is important for those operating in this field to have identified and analysed those aspects of the new legislation (of which there are many) that affect their work and, perhaps even more importantly, to have adopted a strategy for dealing with them. In this article Ian Trumper, a director in the Investigations practice at PricewaterhouseCoopers, gives a brief background to and summary of the main data protection principles and then proceeds to concentrate on the impact of the Data Protection Act 1998, both on the business community generally and then on the fraud investigator specifically.

Ian Trumper can be contacted at PricewaterhouseCoopers on 020 7212 8340.

The Data Protection Act 1998 and the Data Protection Principles

All employers and businesses (and perhaps their contractors) hold and use data in respect of their employees or clients and will have to comply with the Data Protection Act 1998 ( DPA 1998 ) for that data to be processed lawfully and fairly. Under the provisions of the Data Protection Act 1984 ( DPA 1984 ) individuals already had the right to find out, under certain conditions, what information is held about them on computer systems. The significance of the DPA 1998 is that it: