CaseLines users are often concerned to ensure that use of the CaseLines service is consistent with their obligations under the Data Protection Act 1998 (the “DPA”).
CaseLines has addressed the key issues through its terms and conditions, in two key respects, so that users can be reassured that they are more likely to be DPA compliant through using CaseLines than with alternative approaches. They key provisions are:
Formal data controller/data processor provisions are incorporated in the customer terms and conditions
A data sharing protocol is built in to the user terms and conditions, which binds third party users to observe appropriate controls even if they do not have a formal agreement with the party that created the case to which they have access
CaseLines provisions are stronger than traditional alternatives
Legal proceedings cannot operate effectively without the sharing of data, which of necessity will often include sensitive personal data. Users of CaseLines are bound to a data sharing protocol. Additionally, CaseLines offers a secure way to share that data, ensuring that any party that becomes a data controller by virtue of being provided with personal data is capable of meeting the requirements of the 7th principle – that “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”.
Without CaseLines, users must rely on paper or sending documents by email. Sending paper correspondence is covered by the DPA in exactly the same way as an electronic communication, since even in paper form the information is part of, or intended to be part of a relevant, structured filing system which will make information about individuals readily accessible. However, paper can be lost or misplaced, and has virtually no effective audit trail. Using paper does not simplify or relieve recipients of their obligations under the 7th principle – in fact the opposite. The alternative, sending documents (such as a pdf bundle) by email is far less secure than CaseLines, since documents are very commonly sent via unencrypted email, and there is no subsequent audit trail to allow enforcement of the security provisions.