Belfast Telegraph

Monday 21 April 2014

Police censured for data breaches

Peter Bunyan, a former PCSO, was jailed after being convicted of misconduct in a public office

Hundreds of police staff, including high-ranking officers, have been censured for breaching data protection laws - from snooping on their children and ex-wives, to social media gaffes.

And in one case, a Pc got into hot water after wrongly telling family members that a loved one had died.

Others breached data protection regulations to access confidential and personal information, spreading rumours in the communities they were policing.

More than 100 staff were sacked and nearly 200 resigned as a result of breaches in England and Wales during a five-year period, according to figures obtained by the Press Association under the Freedom of Information Act.

Javed Khan, chief executive of Victim Support, said: "It is very worrying to think that the personal data of victims of crime - who are often extremely vulnerable - might be being accessed and used inappropriately by people in a position of trust.

"Victims rightly expect that their privacy and the information they give will be respected when they report a crime. Victims must be able to trust the police so they have confidence to come forward and report crime in the first place."

Police forces recorded a total of 2,031 cases of data protection breaches between January 2009 and October 2013.

Investigations led to 186 resignations, while 113 were sacked as a result of their behaviour.

Of those investigated, at least 34 were inspectors or chief inspectors, while 474 were deemed "staff" - civilian officers who do not get involved with rank-and-file policing.

While some incidents involved police leaking information on social networking sites and spreading rumours in local communities, others used the police database to snoop on the personal details of family members, friends and associates.

In Lancashire, a Pc received management action after an allegation that she "wrongly divulged information about the death of her estranged husband to her daughter shortly after his death".

The force did not provide any further details of the incident.

Avon and Somerset Constabulary reported the highest number of incidents, 289, including a chief inspector who received management action for being "negligent when disclosing personal information".

A Pc with the same force had a complaint against them - later withdrawn - when their names were "disclosed to the media after they had made it known that they wished to remain anonymous".

A special constable with Dorset Police resigned after he posted a video of himself walking around Poole police station on the YouTube self-broadcasting website. The video featured other officers and contained information on the station layout.

Social media etiquette also fell short for two staff with Gloucestershire Constabulary, who were censured for disclosing information on a social media site and inappropriate comments made about a work-related case, while another was investigated for altering details on police systems without justification or explanation.

There was a considerable spike in the data for Merseyside Police in 2009, when there were 154 data breaches - almost all of which were connected to each other.

A force spokesman said the high figure in 2009 was attributable to an internal investigation that year into people in the force "viewing a computer record relating to a high-profile arrest".

In one case, an officer with Derbyshire Constabulary searched for and viewed information about her son and his associates which was not for policing purposes.

A colleague with the same force was charged with three counts of misconduct in public office for this and other related offences. He was imprisoned for two and a half years and resigned his position, police said.

A sergeant with North Wales Police was censured for accessing the records of his son and ex-wife, while in Cleveland a special police officer was handed a written warning after divulging confidential information relating to a murder.

The Information Commissioner's Office, which upholds information rights among public bodies, said it had fined two forces £220,000 in recent years after "serious failings" were uncovered.

An ICO spokesman said: "Police officers and civilian staff can have access to substantial collections of often highly sensitive personal information.

"It is important that they do not abuse this access and only use the information for their policing duties.

"Public officials who abuse their positions can face serious consequences including criminal prosecution under the Data Protection Act.

"The legal, financial and reputational risks of failing to look after personal information are clear and police forces must have stringent security measures in place to protect people's information and make sure it is handled correctly."

In March, a married PCSO who worked in Cornwall was jailed for seven years after being convicted of misconduct in a public office.

Father-of-two Peter Bunyan, 40, was found guilty of eight counts at Taunton Crown Court - though the sentence was later halved on appeal. The court heard that he had illegally accessed data relating to three vulnerable women on the Criminal Information System.

And last month a former Warwickshire Police officer was given a suspended prison sentence after pleading guilty to five counts of misuse of a computer and one of harassment of a woman.

David Hilton, 50, who lives in Derbyshire, was sentenced to four months in prison, suspended for 12 months. He was also ordered to do 200 hours' unpaid work and pay £415 costs.

Of the 43 police forces contacted, 35 responded with information. Four constabularies - Essex, Hampshire, Thames Valley and West Yorkshire - refused to supply any details.

The remaining forces did not respond to the request for information.

Nick Pickles, director of civil liberties campaign group Big Brother Watch, said: "With hundreds of incidents every year, it is time to start asking whether it is too easy for police databases to be abused to snoop on innocent people.

"It is still troubling how frequently staff resign during the disciplinary process, leaving open the possibility of returning to work for a different police force and evading any punishment.

"These incidents make clear that custodial sentences are needed for illegally accessing confidential information and that the current regime treats data crimes as second-class crimes only punishable with a fine."

Shami Chakrabarti, director of human rights campaigners Liberty, said: "This new data scandal explodes the mythical choice between our privacy and security when, in truth, the two go hand in hand.

"At a time when police and security agencies demand more and more of our most intimate information, the behaviour of these officers shows just how vulnerable massive databases are to abuse. No politician should ever again dare say 'nothing to hide, nothing to fear'. With each passing day, the public knows better."

The Association of Chief Police Officers said most police forces had audit systems to monitor the use of computer networks.

Chief Constable Mike Cunningham, Acpo's national policing lead on professional standards, said: "Officers now have more access to information and technology than ever before to assist them in their roles. There are times when officers have misused access to information or force computers.

"In many of these occasions, the use is inappropriate, such as spending too much time using social media or other websites or looking for information about a case they are not working on. However, on rarer occasions it can be more serious. Any instances are investigated thoroughly and staff are dealt with proportionately."

Latest News

Latest Sport

Latest Showbiz