It looks as if the combined efforts of the WhatDoTheyKnow.com FOIA request submission and tracking website, together with the interest in the topic shown by the BBC Radio 4 iPM programme - Share What They Know?, has eventually resulted in the disclosure of the "missing" Statutory Code Of Practice, which is supposed to regulate the infinite powers under the Serious Crime Act 2007, for public authorities to share your personal sensitive data, without your prior informed consent, with private sector "specified anti-fraud organisations".
See our resulting FOIA request via the WhatDoTheyKnow.com website:
The actual Code of Practice is available from the WhatDoTheyKnow.com website entitled:
Data Sharing for the Prevention of Fraud (.pdf 277Kb)
Code of practice for public authorities disclosing
information to a specified anti-fraud organisation under
sections 68 to 72 of the Serious Crime Act 2007
Incredibly, in spite of all the recent lost sensitive private data scandals, this Code of Practice, which has been partly written by the Information Commissioner's Office, somehow manages not to make a single mention of strong encryption !
Surely the mandatory use of strong encryption should be clearly spelled out in this Code of Practice, instead of vague weasel words like
having agreed, secure methods for transferring data;
which have failed so spectacularly at HM Revenue and Customs or the Ministry of Defence in the last year or so ?
There is no clue as to why, when the Code of Practice was presented to Parliament on their return from the Summer recess, on Monday 6th October, but the accompanying Statutory Instrument came into force on 1st October.
Why could the Home Office not have made the legal powers only come into force at the same time, or after the publication of the Code of Practice has been discussed in public and in Parliament ?
Were they planning to dither and prevaricate and not bother publishing this weak Code of Practice for several months longer ?