Scroll Top

DEMYSTIFIED ICO DAWN RAID

The right of information in the public interest is upheld by Information Commissioner’s Office (ICO) by promoting openness through public bodies and protecting individuals’ data privacy. The common role of the Information Commissioner Office is to investigate complaints received from the

What is an ICO Dawn Raid?

The right of information in the public interest is upheld by Information Commissioner’s Office (ICO) by promoting openness through public bodies and protecting individuals’ data privacy. The common role of the Information Commissioner Office is to investigate complaints received from the general public who believe that an official has failed to provide an individual with a piece of the requested information.

The Data Protection Act 2018 (DPA) empowers the Information Commissioner’s Office (ICO) with a range of investigatory and enforcement powers, that includes the power to enter a company’s premises and inspect any materials to establish compliance with data protection legislation. Part 5 of DPA explains the role of ICO and Part 6 covers its investigatory and enforcement powers.  These ballooned powers are alike the powers held by UK and EU antitrust authorities. The power of ICO to inspect a company’s premises without any notice is commonly known as a “Dawn Raid”.

Every company subject to data protection legislation and regulations is bound to co-operate with and provide relevant information to the ICO to meet its statutory objective. In lack of such cooperation, ICO may visit the company either on notice or dawn raid the company premises to furnish the required information. Under the data protection act, the ICO has the power to convey an assessment notice to request entry into a Company’s premises on a seven days’ prior notice. On the other hand, if the Company does not provide any consent to the entry or inspection of the premises, then ICO will need to get a warrant. Where consented by the company, ICO can enter and inspect the company without a warrant, but cannot use any powers to seize any material.

What are the ICO’s Power’s in a Dawn Raid

Section 146 and Schedule 15 (paragraphs 1 – 4) outline the ICO’s power to issue an assessment notice and inspect the premises and equipment of an organization, whereas Schedule 15 (paragraphs 5 and 7) makes the client aware of what they can expect from inspectors on a raid. It is as follows:

  • enter and search the company’s premises
  • examine, operate, test, and scrutinize the equipment found on the company’s premises
  • capture the materials found on the premises if helpful to prove an offence
  • question any individual on the premises and ask for an explanation of any material found or acquire copies of information that determine the company’s failure to comply with the DPA
  • rational to use force if required to execute the warrant
  • search employees’ homes if warranted by a judge
  • besides, doors and cupboards can be sealed to avoid any interference with documents in case Dawn Raid lasts for beyond a day

What information can be withheld from the ICO

As per section 147(3) and Schedule 15 (paragraph 11) of the DPA, legally privileged information also referred to as “Materials” can be withheld from the ICO during a Dawn Raid. These materials are confined to privileged communications between a competent legal adviser and adviser’s client, also include litigation materials used for actual or pending legal proceedings. To avoid any breach, it is important to keep these materials separately from other materials and to make a privilege claim at the earliest of the investigation.

Please be informed that confidential documents have no protection and thus cannot be withheld from the ICO. Generally. ICO inspectors are not permitted to examine documents that are irrelevant to the subject matter of the investigation. But, it is paramount that clients are aware of their rights under legal privilege, as a warrant can never override privilege.

Practical information on how to react

To avoid the immediate disruption as well as reduce longer-term legal and business risks followed by the ICO dawn raid, every business must be prepared for the chances of an on-notice and unannounced inspections by the ICO. In such a situation, it is advised to respond as follows:

  • Be calm and courteous to the police/officials. Attend investigators into a meeting room far from reception and other working areas and offer them tea/coffee.
  • Request investigators’ business cards to see their
  • Have a look at a copy of the search warrant or, if there is none, ask the police/officials to explain the legal basis upon which they propose to search
  • Get in touch with external counsel for a bit of real-time advice over the
  • Contact senior management of the company. Also, connect a senior member of the team to be the contact person for
  • Let investigators be informed that counsel is on its
  • Request investigators if search may be delayed till counsel arrives, if not accepted, do not obstruct the search, instead of cooperating.
  • Make a note of what investigators say and also a list of documents requested and materials seized. Maintain a written record of where investigators go and what they look
  • Keep the materials protected by Legal Professional Privilege separately and let investigators be informed that those materials are privileged. If investigators still insist on seizing them, brief them that those are privileged materials and must be kept distinct, secured (‘blue bagged’), not to be seen by the investigating team, and returned.
  • If questioned, ask investigators if you are obliged to answer and clarify on legal background for the same. On a search, questions should be administrative (e.g. “where is x?” etc.). Any suspect subject to an interview under caution has the right for legal counsel to be present at the time and to remain silent/no comment.
  • In the presence of legal representation, inform investigators that you/employees are represented by counsel and would like to consult
  • Request for a list of seized

Other information

  • How to Prepare:
  • Similar to fire drills being conducted, businesses should implement a drill for a dawn raid/search policy and make staff aware with basic training on how to deal with a
  • Policies and training should be checked and updated every year as necessary.
  • Review and update as per data protection compliance procedures also competition dawn raid guidelines to be safeguarded from the powers of ICO to carry out unannounced
    • What NOT to Do:
  • Being obstructive or captious
  • Panic and destroy, delete or hide any
  • Notify anyone about the
  • Provide any consent to search without consulting legal

Are dawn raids legal?

If any infringement of competition law is suspected by the competition authority, it may carry out uninformed inspections at the premises of companies suspected of involvement (Note in some circumstances, at the premises of their customers and/or competitors as well). It is important to note that the powers of the investigation authorities are limited to certain restrictions:

  • It cannot use force against any
  • It cannot surpass the limit of the reason for which the dawn raids have been
  • It cannot interfere with the scope of legal

Who can carry out dawn raids

  • Serious Fraud Office (SFO)
  • Financial Conduct Authority (FCA)
  • Police

Conclusion

It becomes stressful and disruptive for organizations to be on receiving end of a dawn raid headed by say, the Competition and Markets Authority (CMA) or the European Commission (EC). A recent instance of ICO dawn raid is in October 2019, when ICO in his powers carried out a dawn raid on an unnamed business premise in Chichester suspected of making nuisance pension calls. It was part of the investigation to verify business compliance concerning data protection rules and regulations. Usually, the consequence of such dawn raids is much damaging for organizations as well as individuals.

With times there is a rise in focus of responsibility and conduct of organizations and individuals of both regulated and unregulated sectors. Moreover, this has led to increased chances of dawn raids by a range of regulatory bodies. In such a situation, where visits are unannounced, it’s important to have a strategy planned for the day itself and the follow-up so as not to be caught completely cold. For any organization with the potential risk of a dawn raid, it is necessary to have an in-house counsel closely involved in the contingency planning, with lawyers having specific roles to play. This helps to handle dawn raids on the day itself, and also in the follow-up work.

Author(s) Name: Adishree Rajendra Ghorpade (Savitribai Phule Pune University)

Related Posts