UK police commit 2,300 data breaches in 4.5yrs - report

© Suzanne Plunkett
Some 800 UK police staff were responsible for more than 2,300 breaches of personal data between 2011 and 2015, a damning report by privacy rights group Big Brother Watch has revealed.

Breaches include improper disclosure of information, accessing police systems for non-policing purposes, inappropriate use of data and accessing data for personal reasons, the report explains.

Data was accessed without authorization more than 800 times within that period, with 25 cases directly involving the “misuse” of the Police National Computer (PNC), the UK’s primary police computer system used to facilitate investigations and share information.

The findings, based mainly on freedom of information (FoI) responses, also revealed information was inappropriately shared with third parties more than 800 times.

“Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organized crime groups,” the London-based group said.

The study ‘Safe in Police hands?’ found in the majority of these cases no disciplinary action was taken against the offending staff member. Some 13 percent of the incidents analyzed by Big Brother Watch resulted in resignation or dismissal, 11 percent ended in a verbal or written warning, while just 3 percent resulted prosecution and conviction.

“We trust the police to keep us safe. In the 21st century that is as much about keeping our data secure as protecting us on the streets,” said Renate Samson, chief executive of Big Brother Watch.

“The revelation that the police are still committing 10 data breaches a week shows that work still needs to be done before we can be sure our personal information is safe in their hands,” she added.

The report also warned about the potential for abuse of some provisions of the controversial Investigatory Powers Bill, which is currently under review by the House of Lords.

The group suggested the collection of Internet Connection Records (ICR), which involves the government accessing and storing user data for up to 12 months, would jeopardize user privacy.

"Internet Connection Records reveal a huge amount of information about UK citizens. Collecting and storing details about every website that we access as well as our location, what device we are using and what time we accessed it can help build a very intrusive picture.

“Until the police can demonstrate that our data will be safe in their hands we shouldn’t be giving them access to yet more of it,” Big Brother Watch research director Daniel Nesbitt told IBTimes UK.