David Kearns writes that the General Data Protection Regulation (GDPR) could drag private investigators out of the cloak-and-dagger mentality and into a customer-focused, well-regulated trade.
Eighteen years ago, I left the police after more than 13 years in the service to start a career in the private investigation sector. At that time, the sector was not regulated; you could operate with no insurance, skills, qualifications or experience and could even do so with a criminal record. This contrasts somewhat with the perception of the work as sexy, subversive and devious, where skilled investigators could uncover all sorts of evidence using only their experience and training.
The industry model allowed investigators to subcontract work to other investigators, often without having met, vetted or proven any skills and qualifications of the subcontractor. Investigators would be found in the Varsity Directory of Investigators, Yellow Pages, or the (then) newly emerging internet.
The two main industry bodies were immature in their professional approach, but at least had systems in place to ensure members had professional indemnity insurance, references and no criminal convictions.
Many excellent people operated in this arena, coming from careers in the police, military and other law enforcement or investigative backgrounds. The majority adopted the associate model: charging little for services and offering low standards of customer care. They often acted with minimal customer-related professionalism or investment in training, education, staff and equipment. Many of the professionals arriving to the industry post-career were looking to ‘prop-up a pension’ or felt they were ‘too young to retire’ and had five to ten years or more employment left in them.
Skip forward to 2018
- Is the industry ‘licensed’? No
- Do you require a criminal records check to work in investigation? No
- Must investigators be vetted before subcontracting? No
- Do investigators all have professional indemnity insurance? No
- Do you need experience in the industry before starting to practise? No
IPs: how well do you know your investigator?
It is clear there is still a risk to the whole commercial and insolvency sector that regularly calls upon the services of the investigation industry to assist with civil or criminal matters.
An insolvency practitioner (IP) may have a comfortable long-standing relationship with an investigator and their reputation, but how do they ensure that their investigator is GDPR compliant and has professional indemnity insurance?
Sensitive data is passed from the IP to the investigator. How is the investigator ensuring the credibility of that data? How is that data stored and protected? Is that data passed to another individual or investigator through a subcontract or associate model? Where, then, does the liability and the risk lie when that data is compromised? Is it compromised because the investigator’s computer system is not secure, or because a document has been stolen from a vehicle, left in a café, served upon the wrong individual or brought into the public domain through poor processes? Has a surveillance operation been compromised or have incorrect enquiries have been made?
The GDPR is a blessing
Thank goodness for GDPR. Insolvency practitioners will now have to ask their investigators to prove their credentials, insurance and GDPR compliance to clients. Investigators’ clients MUST now ask who they are dealing with, how their data is being stored and who it is being passed to, how subcontractors are storing that data and whether all parties are GDPR compliant. An investigator should supply ALL relevant proof before instructions to investigate are supplied.
Each insolvency practice, law firm, commercial client and any person using the services of an investigator should hold relevant documentation prior to instruction. This will need to be a simple process to show:
- professional indemnity insurance
- other associated insurance
- GDPR compliance and data route map
- relevant security, encryption and firewalls for computer systems (many investigators work from home on what
- might be deemed a ‘family computer’)
- specific references from professional individuals, showing name, position and company
- a DBS check for each investigator
- whether the investigator is subcontracting – each subcontractor should also supply the above information
- non-disclosure agreements
- standard terms and conditions
Individual relationships with investigators may well be a thing of the past. IPs may need to behave as companies, keeping an approved supplier list in order to ensure that all relevant compliance is preserved as wholly as possible.
The changing face of the industry
Investigators have lived for too long on their ‘cloak and dagger’ reputations, which have been beneficial to the unregulated. GDPR has brought a huge opportunity for investigators to propel themselves into a regulated, streamlined, customer-focused and efficient service industry.
However, the question remains: will the supposed 10,000 private investigators in the UK comply? My own qualitative research suggests that only 23 per cent of individual investigators will comply with insurance, not factoring in the other checks and balances. It may be that over time many investigators decide that adhering to compliance, skills, polices and process is too high a bar to hurdle and vacate the industry, leaving behind a sector of professional, committed and responsible specialists to pick up the work.
David Kearns is managing director at Expert Investigations.
Source: Recovery News