In the third of four posts on asset recovery in fraud claims, Arun Chauhan and Elizabeth Rhodes consider issues around the appointment of private investigators and some of the potential pitfalls in outsourcing to these third parties.
Duties of a private investigator
Unlike the image portrayed in books, TV and film, private investigators collect information in line with your client’s instructions. Such instructions are typically provided by you as your client’s lawyers, but they can also be provided by other parties, such as accountants. They may even be made directly. The services of private investigators can be very useful for gathering information about assets or the lifestyle of a target individual.
A private investigator is an agent of their principal. As an agent, an investigator would owe your client, being the principal, a number of duties. These include, but are not limited to:
- Obedience.
- Care and skill in performing their services.
- Duty to account.
- Duty of good faith.
In line with these duties, an investigator should operate within the scope of their instructions (unless they are given a power of discretion) even if they consider that it would be in the best interests of your client to do otherwise.
Pitfalls of outsourcing asset information gathering
It is important that you set the tone at the outset of instruction, and then monitor services provided by a private investigator. One of the main reasons for this is to prevent falling foul of data protection legislation concerning the use and disclosure of personal data.
An investigation may require the investigator to collect and process information about an individual. The Data Protection Act 1998 (DPA) imposes conditions on the processing of such information.
While some private investigators know their obligations under the DPA, inevitably others may not. When appointing an investigator, it is likely that your client is asking them to be a data processor under section 1 of the DPA. It is a legal relationship that must be evidenced in writing (schedule 1, part II, paragraph 12 of DPA). If the relationship is not evidenced in writing, the justification for the transfer of personal information relating to the individual in question to the investigator as a third party may be unclear. This is likely to be a breach of the DPA in itself.
It is the responsibility of a data controller to ensure that a data processor complies with the principles under the DPA. This could be, for example, security of personal data. A private investigator will be acting on your client’s behalf. If an investigator breaches any of the principles under the DPA, your client will also be in breach of data protection law as a result of the investigator’s actions, unless you can show that the investigator stepped outside of the remit of their instructions. In addition, the evidence gathered by the investigator could be inadmissible at court due to the illegal nature in which it was gathered. The investigator’s actions could also result in a costs order against your client if the individual’s privacy has been breached.
Impact of a breach of data protection law
You need to recognise the investigator’s obligations under the DPA and ensure these are adhered to, particularly given the pending changes to data protection law. Currently, data controllers can be fined up to £500,000 for a breach of data protection law. However, the European Commission is focusing on increased harmonisation and bolstering rights for data subjects by amending the European data protection framework. The EU Data Protection Regulation is likely to come into force in 2018. The latest draft of the Regulation enables data protection regulators to impose fines of up to the higher of 2-5% of annual global turnover or EUR 100 million for certain breaches by data controllers.
A breach of data protection law by an investigator could therefore mean that, as a data controller, your client may be subject to a hefty fine. In addition to affecting your client’s financial status and reputation, this could also have an adverse impact on you and your firm. Your firm might be exposed to a professional negligence claim for any advice (or lack of, as the case may be) in respect of the investigator’s obligations and the client’s responsibility to ensure compliance with the DPA. There is also risk of a direct fine by the Information Commissioners Office. It is therefore essential to plan an investigation properly from the beginning.
Understanding of international differences
Another pitfall relates to some of the potentially legitimate techniques used by investigators, which may come into conflict with laws in other jurisdictions. Few lawyers understand the subtle differences in what is permitted in other jurisdictions or areas of practice beyond their remit. A good investigation company should. For example, one country may permit the tracking of individuals whereas another may not. Similarly, the placing of a tracking device on a vehicle may not be permissible in some jurisdictions. With this in mind, firms should ensure that the investigatory techniques do not breach overseas legislation when instructing an investigator on international asset tracing issues. Otherwise, the lawyer or client may face adverse consequences.
What happens if the evidence provided by the investigator is helpful but you have concerns about its provenance and legitimacy? Beyond the data protection issues with which a firm and client may need to be concerned, illegally obtained evidence may still be admissible in civil proceedings. However, use of such evidence will almost inevitably lead to questions by the court about its reliability and weight , the probity of the client and the source of evidence. No legal or litigation privilege will protect the material if it has been obtained through dishonesty or criminal means and the repercussions may well be significant.
Your instructions
The message is clear: set up your instructions correctly to ensure protection of the client and firm. Make it clear in your instructions that information cannot be obtained through any techniques that compromise any local laws. Have the investigation agent confirm the same in writing. Good investigation companies will be aware of and sign up to this requirement.
Benefits
The surveillance of defendants to gather information on lifestyle, associates and visible assets (such as addresses or vehicles), is sometimes invaluable. Equally, surveillance data showing that a rogue employee is breaching his or her terms of employment (by, for example, working with competitors or diverting goods) provides immediate evidence to seek injunctive relief. Finally, using investigators to gather company documents through official channels in other jurisdictions can often be easier than an alternative course of action: there is no trail to the person seeking the information.
Conclusion
There are several key messages:
- Know what information you are seeking.
- Know how it helps to build the case.
- Use the information to assess whether the defendant has the means to meet an award.
- Ensure the investigator can deliver what is wanted.
- Ensure the investigator agrees that their approach is lawful.
- Manage the client’s expectations about what is likely to be discovered.
- Ensure frequent dialogue with the investigator so that the process is not blown off course from the original plan and instructions.
Very useful read.
Thank you for publishing.
An excellent article. The Law Society of England and Wales, also the Law Society of Scotland endorses and recommends that it’s members use Investigators who are members of the Association of British Investigators, (ABI) for the very reasons you have mentioned in your article.
The ABI membership is strictly regulated by the Association, CRB Checked, DPA Registered and Compliant, Competency Tested, with regular updates on legislation and procedures with CPD events. Professional Indemnity, Public and Employee Liability Insurance is also a membership criteria.
By ensuring the Investigator you instruct is an ABI member your due diligence into the investigator is already done and is verified by the association on an annual basis. In the absence of any official regulation the ABI membership criteria is far more stringent than that suggested for any future Licensing of the Industry.
With a comprehensive Code of Ethics and strict discipline code, ABI investigators won’t leave you in the embarrassing situation of being subject of a ‘Costs Order’ or in breach of the Data Protection Act or any other relevant legislation.
Forgive me for taking this opportunity to push the ABI – check out the endorsement on the Law Society website or visit http://www.theabi.uk.org.
Paul Champion
President, The Association of British Investigators.
These are salient points that legal experts need to consider.
We are often called upon to investigate an individuals circumstances to ascertain what tangible assets they may possess or control, and it is often the case that solicitors do not ask the question surrounding DPA issues or if we are even registered with the ICO.
As well as considering the points made in this article under the conclusions heading, solicitors should also ask the private investigator if it will be them carrying out the instructions, or as is the case with many investigation firms, work is farmed out to another agency the solicitors are not aware of, and may well not conform with legislation surrounding the collection and handling of private information.
An interesting article, some points for the authors.
Regardless whether or not an investigator is given the power of discretion it will be very rare for a private investigator (PI) to assume the role of a data processor during an asset recovery investigation. Only when an investigator complies with ‘very specific’ instructions and does not exercise any control ‘whatsoever’ over the content of personal data/information would they assume the role of processor. Instructing a PI to take a single photograph or write a report could in accordance with the ICO render him or her a Data Controller.
Regarding ‘Pitfalls of outsourcing asset information gathering’
• The client should most definitely be instructing the PI as a Data Controller NOT a Data Processor.
• If clients are advised correctly, roles are clearly defined the PI (Data Controller) will carry the risk NOT the client.
• Illegal activity by legitimate professional investigation companies are very rare indeed.
In an unregulated industry why would a solicitor not be using members of the only private investigation association endorsed by its own Law Society… i.e. PI’s from The Association of British Investigators (ABI). It’s like asking a plumber who isn’t gas safe to fit your boiler and hope for the best! I’m not saying for one moment others can’t do a good job because they can, however the ABI enforce a raft of checks and balances to be in place hence their endorsement.
The risk increases significantly as mentioned above by Stephen Helliwell when the investigator sub-contracts to ‘unknowns’ on insecure online forum groups… *IT HAPPENS EVERY DAY* whilst some Solicitors are failing in their responsibilities as Data Controllers and not checking! this will inevitably continue. As the ICO clearly states, ‘the responsibility lies with the Data Controller’ The solution is very simple, use an endorsed investigator who specialises in that area and everyone is protected, this is not rocket science.
A most informative article. Anyone engaging a Private Investigator may also wish to consider whether the provider is certified against the relevant British Standard Code of Practice for Investigative Services – BS102000.
This Standard was first published in 2013, post-Leveson and should provide greater confidence over the choice of a Private Investigator as it enables the independent annual assessment of conformance against a wide range of recommendations, including legislative requirements such as the DPA.
See here for further information – https://ssaib.org/page/investigative-services/
Stephen Grieve,
Scheme Manager, SSAB