recent work

Is the Serious Organised Crime Agency (SOCA) breaching the Data Protection Act?

The London Evening Standard has today reported of the criticisms made by the Information Commissioner’s Office (ICO) about the Serious Organised Crime Agency.

The Agency holds a secret database detailing a ‘shadowy’ register of suspected criminals of money laundering and fraud. According to the ICO, the operation of this database breaks data protection and human rights laws.

The database, known as Elmer, holds the information of over one million people, although ‘many may be innocent’ – and the ICO has questioned whether the database is therefore ‘justified, necessary and proportionate’, as per the Terrorism Act 2000 (whereby every employee in the finance industry is required to send Soca the details of any customer they suspect of a financial crime, and are asked to include information such as their national insurance number, vehicle registration, account numbers and details of relevant transactions). Once on this database, a person’s information will be stored on it indefinitely.

Tory peer Lord Marlesford said: “This database sounds like something used by the Stasi in communist Germany. It is in effect a secret database of suspects – none of whom know they are on it nor can they respond to the allegations. It is most un-British and most undemocratic.”

Assistant Information Commissioner Jonathan Bamford said: “Many of these entries are of no ongoing interest to the law enforcement community and do not comply with the Human Rights Act or the Data Protection Act.” Former shadow home secretary David Davis, who campaigns on civil liberties, said Soca should remove “all entries that are trivial and unproven”.

A Soca spokesman said: “We accept the Information Commissioner’s findings on retention and deletion periods and already have work in hand to bring current practice into line with ICO requirements.”

To see the article in full, go to now.

Absolute Data works with many organisations to reduce or eliminate the risk to the personal information that they hold about individuals. The “softer side” of privacy risk management such as staff training and having documented procedures is often overlooked and under-funded in organisations and an area where we can have a big impact for a modest investment.
By having a documented procedural system for data management, the chances of getting it right first time will be increased. By reviewing such systems, organisations will continually improve data management systems. This is something that Absolute Data does and can help you with.
For further information, please contact us now at