Police forces rack up ten data breaches every week


Ten data breaches are taking place in police forces in the UK every week, a new report suggests.

Hundreds of instances of inappropriate or unauthorised access to information and disclosure to third parties over four-and-a-half years were collated in research by Big Brother Watch.

The campaign group said cases included:

:: A special constable at Cleveland Police who was dismissed for passing confidential information about a detainee to a relative

:: A Met Police officer who apparently found the name of a victim amusing and attempted to take a photo of a driving licence to send to his friend via Snapchat. The officer resigned during disciplinary action

:: A Dyfed-Powys officer who passed sensitive police information to a member of public on a USB device

Forces logged at least 2,315 data breaches involving officers or other staff between June 2011 and December 2015, according to the report.

They included 869 instances of inappropriate or unauthorised access to information and 877 of inappropriate disclosure of data to third parties, while 25 cases involved misuse of the Police National Computer.

In more than half (55%) of the cases no disciplinary action was taken, the findings suggest. There were a number which were not upheld or where there was found to be no case to answer.

Around one in eight (13%) resulted in either a resignation or dismissal and a tenth (11%) led to either a written or verbal warning. Seventy cases (3%) resulted in a conviction or a caution, the report added.

Renate Samson, chief executive of Big Brother Watch, said: "We trust the police to keep us safe. In the 21st century that is as much about keeping our data secure as protecting us on the streets. 

"The revelation that the police are still committing 10 data breaches a week shows that work still needs to be done before we can be sure our personal information is safe in their hands."

The group argued that existing penalties for serious data breaches are not a strong enough deterrent and called for anyone found guilty of a serious breach to face a potential custodial sentence.

Big Brother Watch also said its findings - based mainly on Freedom of Information responses - raised questions about plans around data known as internet connection records as part of the Investigatory Powers Bill.

In 2014, the Press Association revealed that hundreds of police staff had been censured for breaching data protection laws.

Cases included a sergeant said to have accessed the records of his son and ex-wife and a PC who got into hot water after wrongly telling family members that a loved one had died.




Ian Readhead, National Police Chiefs' Council (NPCC) Lead on Data Protection, said: "The police have a duty to protect sensitive information, which is often provided to us by vulnerable victims and witnesses of crime.

"We take that responsibility extremely seriously.

"National guidance is available from the College of Policing and forces should have clear, tested and robust procedures in place designed to meet our legal obligations under the Data Protection Act and make sure information is handled correctly at all times.

"Public trust is key to good policing. Abuse of that trust is unacceptable and, in the rare cases where staff fail to meet our high professional standards, they will be held to account and dealt with appropriately."