HC Deb 31 October 1986 vol 103 cc594-5

Lords amendment: No. 348, after clause 158, insert the following new clause— An order under section 30 of the Data Protection Act 1984 (exemption from subject access provisions of data held for the purpose of discharging designated functions conferred by or under enactments relating to the regulation of financial services etc.) may designate for the purposes of that section as if they were functions conferred by or under such an enactment as is there mentioned—

  1. (a) any functions of a recognised self-regulating organisation in connection with the admission or expulsion of members, the suspension of a person's membership or the supervision or regulation of persons carrying on investment business by virtue of membership of the organisation;
  2. (b) any functions of a recognised professional body in connection with the issue of certificates for the purposes of Part I of this Act, the withdrawal or suspension of such certificates or the supervision or regulation of persons carrying on investment business by virtue of certification by that body;
  3. (c) any functions of' a recognised self-regulating organisation for friendly societies in connection with the supervision or regulation of its member societies."

9.36 am
The Parliamentary Under-Secretary of State for Trade and Industry (Mr. Michael Howard)

I beg to move, That this House doth agree with the Lords in the said amendment.

The Data Protection Act 1984 recognised that special provision had to be made to restrict access of persons to data concerning them, held in connection with the regulation of financial services, otherwise an individual could use his rights of access under the Act to find out what information about him was held by the regulators and, thus forewarned, cover his tracks and make the conclusive uncovering of the malpractice more difficult.

The new clause makes it clear that data held by self-regulating organisations and recognised professional bodies for the purpose of their regulatory functions as recognised bodies may be exempted by order under the provisions of section 30 of the Data Protection Act from its subject access provisions.

Mr. Brian Gould (Dagenham)

I am grateful to the Minister for that somewhat brief explanation of the new clause. I think that both sides of the House would concede that this is a considerable derogation from the principles laid down in the Data Protection Act, which was a major step in advancing civil liberties in Britain. Therefore, we are obliged to look rather carefully at any substantial exception of this type which is introduced so soon after the passage of the Data Protection Act.

Labour Members' concern is increased by the fact that the new clause was introduced and passed after a brief debate in another place. I mean no criticism of their Lordships, and I well understand the pressures under which they worked, but we should linger a little before accepting the new clause.

I can focus my anxiety by asking a specific question. I accept the general explanation and justification that the Minister has offered for the new clause, but why is it not possible simply to rely on section 28 of the Data Protection Act, which I understand already makes an exception in the case of material, the disclosure of which might be prejudicial to the detection, prosecution and conviction of a criminal offence? In other words, I think that the Minister is suggesting something which goes wider than the exceptions already claimed by the police and the Inland Revenue, and so on, which are limited to cases where a criminal offence may have been committed or be about to be committed. The Minister should offer a word of explanation about that.

Mr. Howard

With respect, the more relevant provision of the Data Protection Act is section 30. Section 28, as the hon. Member for Dagenham (Mr. Gould) has suggested, deals with exemptions from the Act in relation to prosecution, but section 30 specifically deals with the regulation of financial services and is, therefore, the most relevant section to this question. It follows from that that the principle of exemption under the Data Protection Act in relation to the regulation of financial services was recognised at the time that the Act was passed, so no new principle of any sort is involved in the amendment.

We are merely seeking to modify the application of the principle which was enshrined in that Act to the regulatory structure which is provided by the Financial Services Bill, which was not foreseen in its detail during the passage of the Data Protection Act. The purpose of the provision is to extend and modify section 30 of the Data Protection Act so that it more precisely meets the regulatory structure provided by the Bill, without in any way extending or introducing a principle other than the principle which was recognised in that Act.

Question put and agreed to.

Forward to