Data breaches: Surrey Police second worst
SURREY Police staff committed more than 200 data breaches during a fourand-a-half year period, making it the second worst force in the country, new figures reveal.
A report published by the civil liberties campaign group Big Brother Watch last week reveals the Surrey force recorded 202 data breaches between June 2011 and December 2015.
Using freedom of information legislation, each force in the country was asked to reveal the number of times police or staff had been convicted, dismissed or disciplined internally for a data breach.
The Data Protection Act 1998 states that personal data should only be accessed for legitimate purposes and must only ever be used for specified and lawful reasons, and should not be kept longer than necessary.
Some of the offences committed by officers or civilian staff at Surrey Police included inappropriately sharing information with a third party, accessing police systems without a policing purpose, improper disclosure of information and using police systems under another person’s details.
At Surrey Police, 86 data breaches led to action by managers, 51 breaches led to verbal and written warnings, and 29 led to dismissals.
No action was taken following 16 breaches.
Nine breaches led to a resignation and two were followed by retirement.
Four investigations are ongoing and three incidents were not proven.
Information was not provided on two incidents.
Only West Midlands Police, with 488 breaches, had a worse record.
In comparison, neighbouring Sussex Police recorded only 63 breaches.
The Investigatory Powers Bill is currently going through the House of Lords to make provision for the interception of the public’s communications in relation to national security.
The Bill is intended to create a comprehensive framework that governs the way police, security and intelligence agencies intercept, store and use personal data.
Renate Samson, chief executive of Big Brother Watch, said: “We trust the police to keep us safe. In the 21st century that is as much about keeping our data secure as protecting us on the streets.
“The revelation that the police are still committing 10 data breaches a week shows that work still needs to be done before we can be sure our personal information is safe in their hands.
“The government are about to give law enforcement access to the details of all the websites each and every one of us look at.
“In light of our findings questions must be asked about whether more access will make for better policing, or only increase the opportunities for misuse.”
Big Brother Watch recommended custodial sentences for serious breaches, mandatory reporting of a breach that concerns a member of the public, removal of internet connection records from the Investigatory Powers Bill and adoption of the General Data Protection Regulations.
A Surrey Police spokesman said: “A proactive vetting audit was carried out within the timeframe of the Big Brother Watch report, which uncovered a number of historic computer misuse cases. After that trawl was completed, the number of computer misuse cases returned to a normal level.
“In addition, the way the force records data protection breaches means that if one individual committed six data protection offences, this would be recorded as six breaches. The vast majority of Surrey officers and staff behave in an honest and professional manner and are encouraged to raise any concerns so problems can be identified and addressed at an early stage.”