I have highlighted before on this blog my concerns about the extent of personal data breaches committed by police forces the length and breadth of the country, which can often arise as a result of casual treatment of sensitive data and a lack of respect for the people whose data that property is.
I have for example talked about cases in which police officers have illegally accessed computer data about individuals known to them socially/ privately who they wish to ‘snoop’ upon.
In response to a recent Freedom of Information Request the police forces of England and Wales admitted to 2,315 breaches of personal data between June 2011 and December 2015, with more than 800 cases relating to information being accessed without a valid policing purpose, and more than 800 relating to inappropriate disclosure of personal information by police staff to third parties.
I have also highlighted before my concern that this culture of data breaches, either for the personal ends of individual police staff (e.g to snoop on people in their social circle, or to obtain information to assist their own private non- police related business) or as a result of sloppy or negligent mishandling of the data, is fostered by the overlapping culture of ‘police protecting police’ – a biased complaints investigation system, whose primary purpose often seems not to be objective investigation of potential professional misconduct by police officers, but to find reasons for dismissing complaints and giving police staff a heavy measure of ‘benefit of the doubt’. In other words, whilst the police purpose is to zealously investigate complaints of crime, when it comes to police complaints their most common approach is to deny, derail or dismiss any investigation, a greatly dispiriting course of conduct which greatly undermines public confidence in the police.
To underline this, the FOI request revealed that in 55 % of cases of police data breach no or no formal disciplinary action was taken, only 13% of cases resulted in police staff resigning or being dismissed and only 3% resulted in a criminal conviction or caution.
Today I am pleased to report that Greater Manchester Police have made a substantial payment of £75,000 damages to a victim of domestic abuse whose private information was misused by the police resulting in her suffering significant distress and psychiatric harm. I have no doubt that her suffering was compounded by the fact that the force’s initial internal investigation into this matter concluded – surprise, surprise – that no officer had infringed the data protection code of conduct.
Faced with this situation, the woman had no choice but to pursue legal action which first resulted in the Police admitting the breach of her privacy but then refusing to offer her any compensation, effectively dragging the woman through the civil courts until ‘at the 11th hour’ before her case was due to go to trial agreeing a pay out of £75,000 compensation.
The woman’s claim was brought in the tort of Misuse of Private Information in accordance with Article 8 of the Human Rights Act 1988 (the right to respect for private and family life)as well as breach of the Data Protection Act.
Rather than respecting this woman’s right to anonymity in regards to the suffering she underwent at the hands of a violent former boyfriend, GMP callously increased her suffering by distributing her personal details, medical history and a recording of her 999 call as part of ‘training’ material to staff entirely unconnected with the investigation of her case (including non- police staff).
The woman has quite rightly stated that she felt “betrayed” by the actions of the police, who apparently treated her data regarding such a sensitive matter as if it were their own property to do with as they wished. It has also quite rightly been pointed out that a victim of domestic abuse could be at significant risk if her personal details were made public in this manner and fall into the hands of her abuser.
Rather than protecting her, Greater Manchester Police sadly made this woman a victim again, and as is typical police conduct, fought her valid claim for years before finally settling it with one of the largest payment of damages ever made in this country for a police privacy breach.
And today’s case comes only days after it was revealed that the IPCC itself has had to remove from its website a document (also shared with media organisations) which named a rape victim in breach of the right to anonymity for victims enshrined in the Sexual Offences Act 1992.
Hopefully this case, and the significant award of damages made, will help to shine a light on the importance of privacy and encourage the police to take much greater care in the handling of personal data.