by Mike LaCorte, President of The Association of British Investigators
This is major industry news in the UK and I wanted to share this with the professional community.
I am delighted to announce that the UK data protection supervisory authority, the ICO (Information Commissioner’s Office) by its deputy Commissioner officially APPROVED the Association of British Investigators’ (ABI) Code of Conduct! Click here to view the ICO Press Release which has been widely circulated throughout the UK.
The ABI has secured a landmark achievement with the approval of its UK GDPR Code of Conduct for Investigative & Litigation Support Service Providers by the ICO—which began October 2024. This milestone is a significant advancement for UK professional investigators, providing them with a clear, practical framework to ensure compliance with one of the most rigorous data protection regulations in the world.
While its immediate impact is focused on the UK, the benefits of this Code extend beyond British shores, offering insights and best practices that resonate with investigators worldwide. With privacy laws becoming increasingly stringent globally, this development sets a powerful example of how professional investigators can align with data protection regulations without compromising operational efficiency.
What is the ABI UK GDPR Code of Conduct?
The ABI’s Code of Conduct is a carefully crafted guideline designed to address the unique challenges faced by professional investigators. It ensures compliance with the principles of the UK General Data Protection Regulation (GDPR), while accommodating the specific needs of the investigative industry, such as handling personal data, working covertly, and preserving confidentiality.
Key elements of the Code include:
1. Roles & Responsibilities: Guidance on the tricky decision for the compliance of responsibilities between the investigator and their client.
2. Carrying Out a Risk Assessment: An explanation when an assessment is needed, how to do it with a handy detailed template.
3. Lawful Basis for Data Processing: Clear advice on establishing the lawful basis, such as legitimate interest or consent, for data processing activities.
4. Legitimate Interest Assessment: As most investigative activity involves invisible processing, that’s where the individuals are unaware they are being investigated, the lawful basis is likely to be legitimate interest so the Code provides the guidance to assist the investigator to justify their reliance on this lawful basis.
5. Consent to Share: Following on from the legitimate interest, the Code provides a useful mechanism by which the investigator may accept an assignment where the client’s interest are outweighed by the rights and interests of the subjects, whilst protecting those rights and remain lawful.
What is the Code and what are its benefits?
• Voluntary scheme for all service providers (ABI and non-ABI Members)
• Managed by an independent Monitoring Body
• Sector specific good practice guide
• Familiarity with key issues
• Clarity on how to address them
• Increases accountability & credibility
• Code members are listed in the unique code register
• Compliance training
• Understanding data protection principles
• Credibility with potential clients
• Instilling confidence in individuals
• Potential increase in business
• Consideration by ICO in any enforcement
Here’s how it works:
1. Clear Guidance on GDPR Compliance
Navigating the complexities of GDPR can be daunting for investigators, especially given the sensitive nature of their work. The ABI Code simplifies this process by offering industry-specific guidance, ensuring investigators comply with the law while conducting effective investigations.
2. Enhanced Credibility and Client Confidence
For clients, the assurance that an investigator adheres to an ICO-approved Code of Conduct builds trust. It demonstrates a commitment to ethical data handling, increasing confidence in the investigator’s professionalism and integrity.
3. Protection Against Legal Risks
Non-compliance with GDPR can result in severe penalties, including significant fines and reputational damage. By aligning with the ABI Code, investigators can mitigate these risks and safeguard their business from potential legal challenges.
4. Raising Industry Standards
The Code promotes higher standards across the UK investigative profession, differentiating ethical and professional operators from less reputable ones. This enhances the overall perception of the industry and builds trust with the public and clients alike.
5. Practical Tools for Day-to-Day Operations
From working out responsibilities to managing risk assessments, the ABI Code provides actionable steps to handle common scenarios investigators face. This not only ensures compliance but also streamlines operations, saving time and resources.
(story continues below)
(story continues)
International Relevance: A Blueprint for Global Investigators
While primarily designed for UK investigators, the ABI Code has significant implications for international practitioners:
GDPR’s Extraterritorial Reach
The UK GDPR applies to businesses and investigators outside the UK if they process the personal data of UK residents. For international investigators handling UK-related cases, the ABI Code offers a ready-made guide to ensure compliance.
Influence on Other Jurisdictions
Many countries, such as Brazil (LGPD), South Africa (POPIA), and Australia (Privacy Act), have implemented GDPR-inspired data protection laws. The ABI Code provides a model for investigators in these regions to develop compliant practices tailored to their local legal frameworks. Several countries in the EU are actively looking at the ABI Code and communicating with their respective regulator for exploring implementation.
Streamlining Cross-Border Investigations
Global investigations often involve handling data across multiple jurisdictions. The ABI Code’s guidance can help other international investigators establish a consistent, GDPR-compliant approach to data handling, simplifying cross-border collaboration and minimizing risks.
Inspiration for Regional Codes
The ABI Code sets a precedent for other professional associations worldwide to create their own sector-specific guidelines. This fosters global alignment in data protection practices, benefiting the broader investigative community.
Practical Applications for UK and International Investigators
For UK Investigators:
• Strengthening Competitive Edge: Adopting the Code can differentiate investigators in a competitive market by showcasing their commitment to professionalism and data protection.
• Minimizing Compliance Costs: The Code acts as a comprehensive guide, reducing the need for costly legal advice or trial-and-error approaches to GDPR compliance.
• Preparing for Audits: By adhering to an ICO-approved framework, investigators can confidently demonstrate compliance during audits or client inquiries.
For International Investigators:
• Adopting GDPR Principles: The Code provides a roadmap for investigators in non-GDPR jurisdictions who handle UK or EU data.
• Fostering Collaboration: Compliance with the ABI Code facilitates smoother partnerships with UK investigators, ensuring consistency in data handling practices.
• Enhancing Professionalism: Leveraging the Code as a benchmark can help international investigators elevate their standards and gain a competitive edge in their local markets.
Challenges and Opportunities Ahead
Challenges for UK Investigators:
Implementing the ABI Code may initially require operational adjustments, such as revising contracts, updating client communications, and training staff. However, these investments are outweighed by the long-term benefits of compliance, risk mitigation, and enhanced client trust.
Opportunities for International Investigators:
International investigators (in jurisdictions where there are no license requirements) can capitalize on the ABI’s leadership by advocating for similar initiatives in their regions. Collaborating with regulators and professional bodies to develop equivalent codes can position them as pioneers in their markets.
(story continues below)
Conclusion: A New Era for the Investigation Industry
The ABI UK GDPR Code of Conduct is more than a compliance tool—it’s a milestone in the evolution of the investigation industry in the private sector. For UK professional investigators, it provides the clarity and confidence needed to navigate GDPR’s complexities while maintaining the effectiveness of their work. For international investigators, it serves as an inspiring model for aligning with global data protection standards.
As privacy laws tighten worldwide, the ABI Code offers a forward-looking approach that balances investigative efficiency with the highest ethical standards. For investigators committed to professionalism, it’s not just about compliance—it’s about leading the way in a rapidly evolving industry.
By embracing this Code, UK investigators can reinforce their position as trusted professionals in a competitive market. And for those operating globally, adopting its guidance can ensure they remain at the forefront of ethical and effective investigative practice in an increasingly interconnected world.
For details on how to apply for Code Membership and the requirements, CLICK HERE.
This is the circular that was sent to the World Association of Detectives (WAD) membership once the Code of Conduct was approved:
I wanted to take a moment on behalf of the ABI to extend a heartfelt thank you to everyone who has been part of this journey—whether by attending seminars and workshops, actively contributing to consultations, providing valuable feedback or providing direct assistance in drafting the Code. I would like to acknowledge especially the contributions of WAD members Dick Smith QPM and Vice President Mark Hodgson and Chairman Nicci Ashby.
Above all, I would like to recognize the vision and tireless efforts of WAD Member Tony Imossi (ABI Secretariat and WAD 2023 Norman J Sloan Award recipient), without whom this Code could not have achieved final approval. Tony’s invaluable expertise has helped shape the ICO’s approach to many of the key challenges addressed in the Code. The finished product is a testament to the unwavering perseverance, dedication, resilience, and hard work that has gone into developing the ABI Code over these past five years.
From the outset, gaining support from the legal profession was essential, and I’m pleased to share that both the Law Society and the Solicitors Regulation Authority have backed this initiative since day one. They remain committed to promoting this unique, self-regulatory regime. Achieving Code membership is open to all practitioners who meet the criteria, which has been set on a level basis, as to skill, fit & proper standard and cost. This milestone offers a pathway to unite an otherwise fragmented and largely unregulated industry. The Law Society, along with the GC and the ICO, shares the vision of how transformative this Code could be. Additional stakeholders, including government departments and law enforcement, have shown keen and encouraging interest in the Code.
What’s next?
Once the monitoring body receives its final approval, the ABI will implement the program. Information on how to sign up for the Code can be found here.
Emily Keaney, Deputy Commissioner for Regulatory Policy at the ICO said: “Codes of Conduct are an excellent way of helping organizations demonstrate data protection compliance and protecting people’s data rights, and we are delighted to have approved the first Code of Conduct under UK GDPR. They enable organizations to address and resolve any data protection challenges, whilst also providing transparency and regulatory certainty.
“We hope that our approval of this code encourages other sectors to also recognize the benefits of developing their own codes of conduct, demonstrating best practice and accountability.” Tony Imossi, the Secretariat of The ABI and author of the ABI Code of Conduct added: “The code exemplifies the ABI’s commitment to professional investigations, upholding the highest standards of integrity and confidentiality. This is crucial for ensuring trust and compliance with the data protection law.”
For further information on the ABI Code of Conduct, please visit the ABI website www.theabi.org.uk.
About the Author
Mike LaCorte is the CEO of Conflict International and has established a distinguished reputation in the field of global intelligence and international investigations. He is a past President and Chairman of the World Association of Detectives, the oldest and largest global association in the field. In 2024, Mike was appointed President of the Association of British Investigators (ABI), further solidifying his leadership position within the investigative community.
We’re always listening. Send your story submission/idea to the Editor: kendra@orep.org.