The hoax telephone call to the King Edward VII Hospital in which two DJ’s blagged private information about the Duchess of Cambridge has become the main item on the news today after the apparent suicide of the nurse who was duped by the call. The Australian radio station, 2Day FM, whose DJs were responsible for the call told the “Daily Telegraph” that “it had not broken any laws“. But, as pointed out by Dr Chris Pounder on the Hawktalk blog the position under the Data Protection Act 1998 (“DPA”) has not been considered.
The two DJs are reported to be “saddened and shocked” by the recent turn of events and have been taken off the air. However, the Chief Executive of the radio station’s parent company said that
“This is a tragic event that could not have been reasonably foreseen and we’re deeply saddened by it. I spoke to both presenters early this morning and it’s fair to say they’re completely shattered. Prank calls as a craft in radio have been going for decades and decades, they are not just part of one radio station, or one network or one country, they are done worldwide.”
But “prank calls” which involve the disclosure of personal data – or sensitive personal data such as medical information – engage the provisions of the DPA. Section 55 is entitled “Unlawful obtaining etc. of personal data”. It provides that
(1) A person must not knowingly or recklessly, without the consent of the data controller—
(a) obtain or disclose personal data or the information contained in personal data, or
(b) procure the disclosure to another person of the information contained in personal data.
A person who contravenes section 55(1) is guilty of an offence (section 55(3)).
It appears that, in the course of the “prank call” the Australian DJs did indeed “obtain personal data” relating to the Duchess of Cambridge – about her medical condition. This was plainly “without the consent of the data controller” (the King Edward VII hospital). There is no difference between obtaining private information as a “prank” and obtaining it to sell or publish. In short, it appears that the two DJs may be guilty of the section 55 offence.
There are a number of defences under section 55. These include showing
“that in the particular circumstances the obtaining, disclosing or procuring was justified as being in the public interest”. (section 55(2)(d).
There is, however, no credible argument that obtaining private medical information about a pregnant woman from a hospital by deception is “in the public interest”. Such an argument would not be accepted by an English court.
If the two DJs were to come to England and were prosecuted and convicted of this offence what penalty could be imposed? At present, the only penalty for this offence is a fine (section 60). A fine of £5,000 would be standard. By section 77 of the Criminal Justice and Immigration Act 2008 the Secretary of State has a power to increase this penalty to include a sentence of imprisonment. This act also included an enhanced defence for journalists – reasonable belief that disclosure was justified in the public interest (section 78).
These provisions have never been brought into force. The Leveson Report deals with the successful campaign by the press to stop this provision being brought into force (see, in particular, Vol 3, pp.1085-1094). Lord Justice Leveson recommends that
The necessary steps should be taken to bring into force the amendments made to section 55 of the Data Protection Act 1998 by section 77 of the Criminal Justice and Immigration Act 2008 (increase of sentence maxima) to the extent of the maximum specified period; and by section 78 of the 2008 Act (enhanced defence for public interest journalism).
The press, apparently, continue to oppose this recommendation and the Government has not committed itself to its implementation. Blagging personal information – whether by “hoax calls” or by crooked private investigators – is a crime and should be appropriately punished. This Leveson recommendation should be implemented without delay. The press should not be permitted to get away with their special pleading on this issue.
From NtT – “Not just pranking – it’s also the hacking of people just because they are linked to a newsworthy event, doorstopping, and all the other intrusive press behaviour.
All of it treats members of the public as something to be manipulated so that the media can make a profit.
All of it ignores the fact that they are not merely dealing with letters on a page or words over the air, but with the lives and weaknesses of real people, some of whom can be profoundly damaged by the experience.”
This clarifies the issue for me; it places responsibility squarely on the shoulders of proprietors. I do feel sorry for the DJs now; they’re the fall guys, although some might say they had the choice whether to be the servant of so – arguably – criminally thoughtless proprietors of the station. Those with only one aim; money.
What about the hospital’s duty to protect the patient’s information? I haven’t heard the call but it seems like they didn’t have procedure in place. Companies are also duty bound to protect our private information
Agree, they are data controllers under the Act and they have obligations which do extend to the training of staff under the Act to comply with their obligations. I think it is typical of the fact that a lot of companies don’t take information privacy legislation seriously. I know there are sanctions of 5000 pounds and the PR consequences, however for individuals whose data breaches never make it to the press because they not high profile the effects can be life changing and catastrophic.
The peddling of information about the personal lives of others is not a novel phenomenon. Personal information and privacy are highly trafficked commodities, and there is a pervasive and lucrative market for the unlawful trade in private confidential information. (financial institutions, marketing companies, lawyers, private investigators)
The trafficking in such information is systemic, highly organised and sophisticated and largely operates underground, involving networks of persons including large commercial interests in addition to public and private sector organisations and individuals not directly associated with, or knowingly involved with the the ultimate purchaser and supplier.
The market price attached to the trade of private confidential information is usually a tangible one, however many cases illustrates the unforeseen, grave irreversible and intangible consequences flowing from serious threats to personal privacy. The many tragic incidents which touch and affect the lives of persons daily resulting without high profiles who suffer privacy breaches ordinarily don’t surface.
Disgruntled or estranged spouses, persons involved in identity theft, blackmail can be the driving motive. There are different motives and obviously the Duchess of York scenario falls into a category of it’s own.
Public bodies holding personal information about individuals include government jdepartments and agencies, local authorities, the National Health Services, the police, banks and other financial institutions, supermarkets,
telecommunications providers and transport operators all hold increasing amounts of information about individuals. The sharing of information across agencies increases the use of security breaches by third parties.
I can’t say I am in favour of the original proposal for the Section 55 offence to be made custodial in line with the Computer Misuse Act and my concern is not really aimed at journalists, although it is clear that irresponsible journalism has had catastrophic consequences too.
I just think that there isn’t enough awareness of the day to day infractions of information privacy laws which occur due to sloppiness and a lax attitude to information privacy laws in all countries.
I realise that he protection from the section 55 offence is aimed at protecting the investigative journalist or journalism that has a public interest. So it begs the question of what kind of journalism meets the public interest threshold.
The ultimate purchaser of information is typically perceived to be the journalist in search of a story. However, the fact is that many professions barter in confidential information, not just in the practice of journalism, and a lot of damage is done in the process which goes unnoticed.