Be More Careful With Your Data - Unauthorized Insider Information

We all take it for granted that when we need them, the Police will help “protect and serve” its citizens. But sometimes, only sometimes, they protect and serve themselves with unauthorized insider information about the citizens they are paid to help.

Following a Freedom of Information request sent to all UK Police Forces by Big Brother Watch in January 2016, of the 95% response rate, 2,315 incidents relating to a data breach were reported between June 2011 and December 2015. The report titled Safe In Police Hands? highlights clear opportunities for processes to be hardened to protect the integrity of the force and the information held on the people they serve.

There were over 800 reported incidents of individuals, both Police and civilian staff, who accessed personal information without investigative reason nor purpose, with another 800 who shared information inappropriately with third parties. The report also states how Police Forces suffer a data breach approximately 10 times a week and still want more of our data.

Noteworthy Breaches Highlighted Include:

Cleveland Police
A special constable was dismissed for passing confidential information in relation to a detainee to a relative.

Metropolitan Police
An officer found the name of a victim amusing and attempted to take a photo of his driving licence to send to his friend via snapchat. The officer resigned during disciplinary action.

Essex Police
An officer has been suspended and is under investigation for abusing his position to form relationships with a number of females. It is suspected that he carried out police checks without a policing purpose.

Merseyside Police
An officer inappropriately shared information. Allegation that officer has breached force confidentiality by attending a fellow officer’s house and informing him that a sex offender lived in his road. As a result of his actions the information was passed to a third party outside the organisation

North Yorkshire Police
Unidentified officer left paper file containing sensitive data in raided property. No action was taken as the officer could not be identified.

South Yorkshire Police
It is alleged that whilst off duty, an officer has used mobile device to conduct a check on a vehicle. In response advice was given to the officer in question.

South Wales Police
An officer was dismissed without notice for photographing and disseminating restricted documentation for personal gain.

Dyfed Powys Police
An officer passed a USB device to a member of the public. It contained sensitive police information, including intelligence reports, emails and public information letters relating to crime. In response informal action was taken by the force.

The consequences of misuse? 
So with data being misused what about disciplinary action? You’ll be surprised to know that 55% of all reported cases resulted in no, that’s zero, disciplinary action. 11% resulted in a written or verbal warning, in 13% of all cases the individual resigned or was removed from duties. Only 3% resulted in a criminal conviction or formal caution.

More single-mindedly, Big Brother Watch said the volume of data breach incidents related to the police proves that plans to allow them access to internet connection records in the forthcoming Snoopers’ Charter should be scrapped.

In response to the report, Big Brother Watch is calling for a custodial sentence and criminal records for anyone working for the police found guilty of a serious breach.

Finally, the report calls for the UK to continue with plans to adopt the EU General Data Protection Regulation (GDPR), to provide a “comprehensive, forward thinking approach to data protection” which will help keep businesses and individuals safe.

So where is the control? With more and more information being made available to the powers that be, how is access to this data not controlled, its use audited and opened up to people that have no right to have privileged access.