Police Data Protection Breaches

In my last blog I spoke about the numerous cases of Police staff illegally accessing private information about individuals on the Police computer database, for non- policing purposes.

Over 2,000 breaches of personal data have been admitted by the Police Forces of England and Wales between June 2011 and December 2015 and we have reason to suspect that this may only be the tip of the iceberg, for how many other data protection breaches, big and small, have occurred but gone unnoticed?

Many of these cases relate to rogue individuals abusing their privileged access to Police information to further their own ends or satisfy their curiosity about somebody known to them, whilst other cases involve not malicious but negligent disclosure of information to third parties that should have been kept private. What is, however, of much greater concern is the number of recent high profile cases not involving ‘rogue’ Officers but in fact deliberate campaigns by the hierarchy of a Police Force to snoop or spy upon an individual in blatant disregard of the Data Protection Laws that those forces are supposed to be upholding.

In August it was announced that Durham Constabulary had been tasked with investigating the conduct of Police Scotland following a report from the Interception of Communications Commissioner Sir Stanley Burton which identified five breaches of the Acquisition and Disclosure of Communications Data Code of Practice by Police Scotland.

The IOCCO investigation was commenced in response to fears that Police Scotland Officers had been illegally spying on journalists.

It appears that Police Scotland strayed well beyond the bounds of the law in trying to ascertain the sources of a journalist after a newspaper published an article which was critical of the Police investigation into the murder of Emma Caldwell in 2005.

One of the journalists involved in this case, Gerard Gallagher, himself a former police officer, has received an award of £10,000 damages against Police Scotland after the Investigatory Powers Tribunal (IPT) concluded that the force’s actions were contrary to the Human Rights Act 1998. Mr Gallacher told the tribunal how he had suffered an invasion of privacy, family life, considerable stress and the loss of longstanding friendships as a result of the force’s investigation. It was found that Police Scotland had illegally intercepted the phone and email data of Mr Gallacher and five other individuals connected with an investigation by the Sunday Mail newspaper.

One of the complainants in the case, Detective Inspector David Moran warned “Nobody, including myself, knows the full detail of what happened, the level it reached within Police Scotland and who exactly caused Officers to break the laws and codes governing the interception of communications.”

He went on to warn “Until that is fully established then, in my opinion, no assumption should be made that criminality was not involved.”

Following on from this case were the revelations last week in the case of Andrea Brown, a former Metropolitan Police Officer who has recently won her claim for breach of human rights and misuse of private information against the Met.

Ms Brown who had served the force for 20 years, and had risen to become a Detective Constable, was illegally investigated by both her employers and Greater Manchester Police in connection with a trip she made to visit family in Barbados in 2011 when she was on sick leave suffering from depression.

It appears that she did inform her Police Federation representative about the trip she was making, but not her line manager. Whilst this may have amounted to a minor disciplinary failure, senior Officers at Sutton Police Station then abused powers designed to investigate crime in order to snoop upon their colleague.

Detective Inspector Sarah Rees obtained the assistance of Greater Manchester Police to investigate Ms Brown through the National Boarder Targeting Centre and the Detective Inspector also approved an application to Virgin Atlantic to obtain details of Ms Brown’s travel citing “The Police Act 2007”, an entirely fictional piece of legislation.

It appears that senior Officers had decided to investigate Ms Brown’s travel history using powers which were designed to investigate suspected criminals, which she clearly was not.

Ms Brown sued both the Metropolitan Police and Greater Manchester Police for breach of data protection, misuse of personal information and breach of her right to respect for family and private life under article 8 of the Human Rights Act.

Although both the Met and GMP initially denied liability, shortly before the case reached trial in Central London County Court the forces admitted that they had breached both the Data Protection Act and the Human Rights Act.

The presiding Judge in the case, Jan Luba QC, was highly critical of Detective Inspector Rees saying she appeared “glib, almost flippant” and that he was astonished at her “loose and casual grasp of the law.”

That is a sad and disappointing state of affairs indeed. How can we expect a Police culture of ‘low level’ data protection breaches to be driven out when senior management within Police forces the length and breadth of the UK, as highlighted above, either do not know the law in relation to data protection and privacy, or are flagrantly breaching that law for their own purposes?

Change must begin at the top, and hopefully the results of these two recent high profile cases are important steps in the right direction.