§ Mr. CohenTo ask the Secretary of State for the Home Department on how many occasions the Metropolitan police have been subject to an investigation by the Data Protection Registrar in relation to a suspected breach of a data protection principle; if he will summarise the nature of each complaint; when the complaint was made; and what remedial action was taken by the police to ensure future compliance with the principle.
478W
§ Mr. Peter Lloyd[holding answer 21 May 1993]: The Data Protection Registrar has recorded eight complaints against the Metropolitan police. They are as follows:
- (1) 6 April 1987
- Alleged contravention of Principle 5:
- Personal data shall be accurate and, where necessary, kept up to date.
- (2) 18 January 1988
- Alleged contravention of Principle 3:
- Personal data held for any purpose or purposes shall not be used or disclosed in a manner incompatible with the purpose.
- (3) 8 January 1988
- (4) 8 January 1992
- (5) 19 October 1992
- Alleged contravention of Principle 7:
- An individual shall be entitled (a) at reasonable intervals and without undue delay or expense —(i) to be informed by any data user whether he holds personal data of which that individual is the subject; and (ii) to access to any such data held by a user; and (b) where appropriate, to have such data corrected or erased.
- (6) 13 May 1991
- Alleged cases of unauthorised disclosure
- (7) 4 August 1992
- (8) 27 February 1991
- Alleged breach of Section 5(2)
In no case has the registrar considered it necessary to serve an enforcement notice on the commissioner. The commissioner keeps compliance with the law under review and ensures that policy, practice and training reflect statutory requirements.