February 7, 2016 was the effective date for the Act of January 15, 2016 on Amendments to the Police Act and Certain Other Acts (Journal of Laws of 2016, item 147), generally known as the "Blanket Surveillance Act". It introduced essential amendments to the operation of the uniformed services¹, including operational surveillance procedures, and the services' ability to collate data from telecom, postal and e-service operators.

As you are very likely to use the services of any of the above companies, or may actually be classified as one of them, please take some time to read the most important amendments.

Most important amendments

  • The uniformed services will now be able to obtain data² which is not part of a postal message or telecom transmission and data other than the content of an e-service, and their use of this operating technique will only be checked post facto by regional courts.
  • Telecom companies, postal operators and e-service providers will be required to provide the data referred to above free of charge, including by means of a fixed connection.
  • New rules apply to handing over data containing or likely to contain client-attorney privileged content, with the proviso that investigators will be able to read all the content obtained with the use of their operating techniques before the court approves the use of this information in the investigation.
  • Operational surveillance may take up to 18 months.

Risk areas

  • The vast scope of data which may be secretly accessed by the uniformed services considerably impairs everyone's ability to protect private or confidential information, including legally privileged secrets. The amendments provide that the uniformed services will now have a right to obtain and record, e.g.:
    • Correspondence, including emails³: this category may include correspondence sent by means of computer applications (e.g. mobile) and certain internet portal functionalities (chat);
    • Data stored on IT systems⁴ – it is possible that the uniformed services may be authorized to secretly use malware installed on the users' devices to systematically access and download data stored in these systems;
    • Data regarding the use of e-services⁵ – this notion encompasses the user's full name, PESEL number, residential address, e-mail address, IP address, as well as information on the scope of use of the e-service ("meta-data"), which raises concerns that use of portals, websites and cloud services will be monitored.
  • Considering the broad extent of data which may be procured by the uniformed services under the amended regulations, the services may intercept information that constitutes your intellectual property, business or legal secrets.

Consequently, we suggest considering the following measures:

  • Introducing a risk assessment system to evaluate the risk connected with the processing of certain business information, and implementing or scrutinizing your current information security policies, IT procedures, and revisiting contracts with IT solution providers.
  • Increasing the level of security of confidential information by using adequate IT data protection technologies (including data or email message encryption software).
  • When in doubt – limiting or even entirely giving up electronic communication in certain types of matters (e.g. some communications with your lawyers), and storing certain categories of documents outside of places where they may be accessed electronically.

The Polish Ombudsman filed a petition for the Constitutional Court to assess the constitutionality of the new legal regulations.

Please note that the IT solutions put in place by Dentons ensure the adequate protection of data stored on our servers. That said, not all our clients are likely to be able to ensure similar levels of protection of their data. For this reason, we cannot rule out that in order to ensure the proper protection of client-attorney privileges, in some cases we will recommend forms of communication other than email to our clients.

Footnotes

1 The amended regulations concern operations conducted by the Polish Police, tax intelligence services, Border Guards, Military Police, Internal Security Agency, Intelligence Agency, Military Counterintelligence Services, Military Intelligence Services, Central Anticorruption Office and Customs Services.

2 This data ought to be procured to counteract or detect crimes, save human life or health and support search and/or rescue operations. That said, these objectives are broad enough to comprise virtually everything in practice.

3 Prior court approval required.

4 Prior court approval required.

5 Only a post facto court review of half-yearly reports filed with regional courts.
