
Police data breaches

by Mark Rowe

Between June 2011 and December 2015 there were at least 2,315 data breaches by police staff. Over 800 members of staff accessed personal information without a policing purpose, and information was inappropriately shared with third parties more than 800 times. That is according to a report by the civil rights and privacy campaigners Big Brother Watch (BBW).

Specific incidents included officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups.

BBW made five recommendations that it said would help give the public reassurance that their personal information will be kept secure by the authorities. The five are: prison sentences for serious data breaches; where a serious breach is uncovered the individual should be given a criminal record; mandatory reporting of a breach that concerns a member of the public; removal of Internet Connection Records from the Investigatory Powers Bill; and adoption of the EU’s General Data Protection Regulations, despite the UK’s recent ‘Leave’ vote in the referendum on the European Union. Only 25 cases involved misuse of the Police National Computer. More than half (55pc) of the 2,315 cases – 1,283 – resulted in no disciplinary or formal disciplinary action being taken.

For the full, 138-page report visit https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/07/Safe-in-Police-Hands.pdf.

Comment

Justine Cross, Regional Director at Watchful Software, says: “The revelation that police forces across the UK are suffering almost continuous breaches of sensitive data shows that data security needs to be taken much more seriously.

“Classifying all of the data on the police network and restricting file access to authorised users on the system would sharply reduce the number of data leaks. Encrypting important and sensitive files against access from unauthorised users would for example have prevented many of the 877 cases Big Brother Watch found where data had been disclosed to third parties. Classifying a file as “internal use only” for example would prevent it from being opened anywhere outside of the system or even leaving the network, eliminating the risk of it being emailed or transferred by USB.

“Printed material can also be classified in this way, with a watermark citing when and by whom it was printed, introducing more accountability for instances such as the extreme example of case files being left in a raided premises.

“The fact that hundreds of officers have also apparently routinely misused their privilege to access data inappropriately means a stronger hand is clearly needed in educating forces on data policy and the consequences of bad practice. Until a stricter approach to handling data is brought in across the board, police forces will continue to have their credibility undermined by these cases of poor practice.”
