Before accessing or disclosing information, individuals must also consider
whether doing so would be proportionate (as described in paragraphs 4.4
above and 6.3 below). For instance, they must consider whether other, less
intrusive methods can be used to achieve the desired outcome;
Users must be trained on their professional and legal responsibilities, and
refresher training and/or updated guidance must be provided when systems or
policies are updated;
A range of audit functions must be put in place: users should be made
aware that their access to bulk personal datasets will be monitored and that
they must always be able to justify their activity on the systems;
Appropriate disciplinary action will be taken in the event of inappropriate
behaviour being identified; and
Users must be warned, through the use of internal procedures and
guidance, about the consequences of any unjustified access to data, which can
include dismissal and prosecution.”
46. In addition, Intelligences Services are required to take specific measures “to
reduce the level of interference with privacy arising from the acquisition and
use of bulk personal datasets” (§5.3). Specifically:
“5.3 The Intelligence Services also take the following measures to reduce the
level of interference with privacy arising from the acquisition and use of bulk
personal datasets:
Data containing sensitive personal data (as defined in section 2 of the DPA)
may be subject to further restrictions, including sensitive data fields not being
acquired, sensitive fields being acquired but suppressed or deleted, or
additional justification required to access sensitive data fields. In addition, the
Intelligence Services may expand the list of sensitive data fields beyond those
provided for in section 2 of the DPA to provide additional protection where
appropriate.
Working practice seeks to minimise the number of results which are
presented to analysts by framing queries in a proportionate way, although this
varies in practice depending on the nature of the analytical query;
If necessary, the Intelligence Services can - and will - limit access to
specific data to a very limited number of analysts.”
Disclosure
47. The disclosure of BPD outside the Intelligence Service which holds it can only
occur if certain conditions are complied with:
“6.1 Information in bulk personal datasets held by an Intelligence Service may
only be disclosed to persons outside the relevant Service if the following
conditions are met:
that the objective of the disclosure falls within the Service’s statutory
functions or is for the additional limited purposes set out in sections 2(2)(a)
and 4(2)(a) of the ISA 1994 and section 2(2)(a) of the SSA 1989;
66