1.

Personal data are exempt from the non-disclosure provisions where the
disclosure is required by or under any enactment, by any rule of law, by a
court order (DPA 1998, s 35(1)), or where the disclosure is necessary for the
for the purpose of, or in connection with, any legal proceedings (including
prospective legal proceedings), or for the purpose of obtaining legal advice, or
is otherwise necessary for the purposes of establishing, exercising or
defending legal rights (DPA 1998, s 35(2)). For example, in MENSAH -vJONES a Doctor was compelled to disclose the claimants medical note and
records to his solicitor in order to obtain legal advice in respect of legal
proceedings brought by the claimant for assault. Often the data controller will
not be in a position to decide whether the necessity test (s 35 (2)) is satisfied or
will not wish to disclose those data voluntarily because of his contractual
obligations to the data subject. In such a case, the party requesting disclosure
will have to apply to the court for such order as the court thinks fit (TOTALISE
PLC -v- MOTLEY FOOL LTD).
2. According to sections 29(1-4) of the Data Protection Act 1998, personal data
processed for the purposes of the prevention or detection of crime, the
apprehension or prosecution of offenders or the assessment or collection of
any tax or duty are exempt from the provisions of:
a. The first data protection principle (except Schedules 2 and 3 of the
Data Protection Act 1998)
b. The right of data subject access (Section 7)
c. The non-disclosure provisions
3. Yes, there has been a breach of data protection. See attached document from
Information Commissioners Office.