What data requests are really in the public interest?

Last week, British insurance company Hiscox LTD went on trial accused of breaching data protection laws when handling a claim made by a customer regarding their £30,000 Swiss watch.

Hiscox allegedly required the claimant to supply information about criminal convictions before the company would pay out on their claim.

The company is accused of asking for this information on three occasions in 2015 and asking the claimant to make a subject access request to the Criminal Records Office to get hold of the information.

This came after the legislation updating the 1998 Data Protection Act had come into force prohibiting companies from making such demands.

The prosecuting Information Commissioner’s Office (ICO) told the jury that by asking the claimant to supply the information held about them by the Criminal Records Office, the insurance company was breaching the law on data protection.

Hiscox is expected to present its defence later, claiming that the information was in the public interest.

In 2016, the ICO released ‘The Public Interest Test’ (Click Link) for companies to check whether their use of data is a genuine public interest demand.

Whilst the public interest covers a wide range of values and principles, it is generally understood that there is a public interest in good decision-making by public bodies, maintaining integrity and ensuring justice and fair treatment for all, securing the best use of public resources and ensuring fair commercial competition. The list is not exhaustive, making the ‘public interest’ an argument for use of data is difficult ground.

Hiscox LTD could face an unlimited fine if found guilty by the ICO, in a case that is thought to be one of the first of its kind.