The Information Commissioner advised the Home Office against a key measure of its recent Data Protection Act amendment giving banks the power to administer an account without the knowledge of the account holders.
The measure has been put in place to prevent the re-use of payment cards to purchase child pornography and is explicitly limited only to that situation. Though the Information Commissioner's office mostly backs the change, it believes that it goes too far in one key respect.
"We were not persuaded that the part about administering the account was necessary," a spokeswoman for the Information Commissioner said. The Commissioner was consulted by the Home Office on the draft of the Home Secretary's Order amending the Act.
The draft Order says: "The processing of information about a criminal conviction or caution for an offence listed in paragraph (3) relating to an indecent photograph or pseudo-photograph of a child is necessary for the purpose of administering an account relating to the payment card used in the commission of the offence or for cancelling that payment card."
"We think it would have been enough to confiscate the card," said the spokeswoman, who confirmed that this would leave a person with an account but without the physical card that went with it.
The term "payment card" in the legislation refers to credit cards and to debit cards, so the "account" mentioned could be a full bank account, and not just a credit card account.
The measure has been established to prevent the use of credit cards to purchase child pornography at the request of payments body APACS. An APACS spokeswoman said the information could only go to the issuer of a card used for an offence. "There is nothing to stop that person going to another bank for another card," she said.
- Draft Data Protection (Processing of Sensitive Personal Data) Order 2006
- Explanatory Memorandum to the draft Order (2 page/23KB PDF)
Copyright © 2006, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.