I have been reading recent posts with interest especially about the lack of time to produce detailed reports, lack of information etc. I feel that I have to point out the following to all those involved in either the CRC’s or the NPS: you are obligated under the provisions of the Data Protection Act 1998 to ensure that any personal data you place into a client’s file is completely accurate and any information you put into a report on a client is also required to be accurate and verified for accuracy..
This also means that you have a legal obligation to ensure that any piece of personal information you record in a client’s file is not “misleading as to fact”. If you do not do this, you are not only breaching your client’s data protection rights but you are also breaking the law. At the very least this could mean formal complaints against you or an investigation by the Information Commissioner’s Office or even a law suit.
It has always surprised and appalled me in equal measure that probation officers seem to be completely oblivious in relation to their legal obligations under the Data Protection Act. You deal with personal data every day in your jobs and should therefore take steps to educate yourselves about your legal obligations in this regard yet you do not.
Data protection isn’t some vague fuzzy concept only paid attention to by someone at head office; it is part of your job and the failures to uphold your legal obligations towards your clients in respect of data protection issues means you are breaking the law. Given that you are supposed to help clients to stay on the straight and narrow, breaking the law doesn't really set a very good example for the client.
Now this may not bother you (it apparently doesn’t bother my OM who sees no reason why she has to uphold the law in anything let alone the issue of accuracy of what she records in my file) but there are legal consequences for failing to adhere to your legal obligations in this respect. This may not bother you but it sure as hell will bother your employer when it is forced to deal with the fallout and investigations and potential fines that can be imposed let alone compensation that could be awarded.
I suppose there are some probation officers who think that most of their clients are illiterate idiots who won’t know about the Data Protection Act and their rights under that Act so breaching the client’s data protection rights won’t come back to bit them in the butt but just bear in mind that all it would take to derail an entire CRC or NPS office is for every client (or even just a few) to request a copy of their file and then to raise a formal complaint about the inaccuracies in respect of personal data in their files (because in my experience there are likely to be numerous factual inaccuracies and information in the file which is misleading as to fact) for the entire system to come crashing down. Especially because the DPA requires a data controller (e.g. CRC or NPS) to have procedures in place for ensuring accurate recording of personal data and you have legal obligations to respond to complaints and amend inaccurate personal data within specified time frames.
You are, of course, entitled to express your professional opinion about a client in a client file but each and every time you do so you need to ensure that it is recognisable as a professional opinion and is not presented as a fact”. In other words, if you are not presenting a fact e.g. John is six feet tall (you had him measured), you should preface what you are saying with the phrase “in my professional opinion . . .” to cover your butt.
I suppose there are some probation officers who think that most of their clients are illiterate idiots who won’t know about the Data Protection Act and their rights under that Act so breaching the client’s data protection rights won’t come back to bit them in the butt but just bear in mind that all it would take to derail an entire CRC or NPS office is for every client (or even just a few) to request a copy of their file and then to raise a formal complaint about the inaccuracies in respect of personal data in their files (because in my experience there are likely to be numerous factual inaccuracies and information in the file which is misleading as to fact) for the entire system to come crashing down. Especially because the DPA requires a data controller (e.g. CRC or NPS) to have procedures in place for ensuring accurate recording of personal data and you have legal obligations to respond to complaints and amend inaccurate personal data within specified time frames.
You are, of course, entitled to express your professional opinion about a client in a client file but each and every time you do so you need to ensure that it is recognisable as a professional opinion and is not presented as a fact”. In other words, if you are not presenting a fact e.g. John is six feet tall (you had him measured), you should preface what you are saying with the phrase “in my professional opinion . . .” to cover your butt.
Given that apparently a lot of butt covering goes on in probation and this is likely to increase as TR progresses, I am always surprised that your average probation officer isn’t aware of this and there is a consistent failure to properly record what is a professional opinion and what is a fact. Moreover you are legally obligated to take reasonable steps to verify the accuracy of any personal data given to you about the data subject by a third party before you put it into the data subject’s file.
This does not mean doing nothing as seems to be current and historical practice. At the very least it requires you to ask of the third party what steps they have undertaken to verify the accuracy of the data they have given to you and if they cannot provide this information then when you record the information in the client file you need to make it clear that you have not been able to verify the accuracy of the information provided by the third party.
You cannot simply assume that if it comes from a “trusted source” e.g. police, courts etc that it is accurate and the law requires that you make your own investigations in respect of the accuracy of the data provided to you. Fail to do so and if the data turns out to be inaccurate (and let’s face it we’ve all seen instances where through human error stuff has turned out to be plain wrong) you have broken the law because you didn’t take any steps to verify it. If said inaccurate data led you to make recommendations about a client that severely impacted on sentence (say if they are IPP) or their licence conditions etc then you may well be liable for compensation and redress to the client.
You are also required under the DPA to be able to show where you got any and all information you have in a client’s file. So if you got sent a fax from social services for example which is a letter say not from social services to probation but from someone else and social services were given a copy of it and have now given it to you, you need to keep the fax cover sheet to show who the information is from and when it was received so there is a paper trail relating to the letter. You cannot ditch the fax cover sheet as current practice in at least my CRC does, because then you are unable to provide the data subject with the information as to where you obtained the letter from. The law is clear that you have to be able to provide a paper trail detailing where you received every single piece of information in a client’s file from.
If you fail to accurately record each and every piece of personal information in a client’s file or write a report about a client, put in information which is misleading as to fact or do not clearly distinguish a professional opinion from a fact or present your professional opinion as fact you are breaking the law and are thus liable under the law for those breaches.
You are also required under the DPA to be able to show where you got any and all information you have in a client’s file. So if you got sent a fax from social services for example which is a letter say not from social services to probation but from someone else and social services were given a copy of it and have now given it to you, you need to keep the fax cover sheet to show who the information is from and when it was received so there is a paper trail relating to the letter. You cannot ditch the fax cover sheet as current practice in at least my CRC does, because then you are unable to provide the data subject with the information as to where you obtained the letter from. The law is clear that you have to be able to provide a paper trail detailing where you received every single piece of information in a client’s file from.
If you fail to accurately record each and every piece of personal information in a client’s file or write a report about a client, put in information which is misleading as to fact or do not clearly distinguish a professional opinion from a fact or present your professional opinion as fact you are breaking the law and are thus liable under the law for those breaches.
Ignorance of the law is not a defence in English/Welsh law so claiming you didn’t know what your legal obligations were won’t wash in respect of an investigation by the ICO into breaches of data protection rights or even a court case. Assuming that data protection is up to Head Office to worry about and thus not your concern is inaccurate and could land you in a whole heap of trouble.
For those who may be interested in finding out more on this subject, the Information Commissioner’s Office publishes a lot of very helpful help sheets on their website.
Anon
For those who may be interested in finding out more on this subject, the Information Commissioner’s Office publishes a lot of very helpful help sheets on their website.
Anon
