Between 2011-2015, there were more than 800 individual UK police personnel who raided official databases to amuse themselves, out of idle curiosity, or for personal financial gain; and over 800 incidents in which information was inappropriately leaked outside of the police channels.
The incidents are reported in a new Big Brother Watch publication, which also reports that in most cases, no disciplinary action was taken against the responsible personnel, and only 3% resulted in criminal prosecution or conviction.
The incidents in the data-set show that this culture of impunity has created a casual disregard for public privacy. There was the cop who tried to Snapchat a friend with a picture of a crime victim's driver's license in order to make fun of his name; another one who stalked women he was attracted to in order to gain information that would help him befriend them; cops who sold photos of confidential documents to unnamed third parties; and so on.
Big Brother watch notes that the new Snoopers Charter legislation will vastly expand the data that cops will be able to query (virtually everything Britons do online will be stored and databased for police access), without any meaningful changes in the penalties for abuse, and suggests that this will create a very dire situation indeed. They make five concrete recommendations to forestall the worst consequences.
In response to this the levels of data the police handle will increase. Whilst there have been improvements in how forces ensure data is handled correctly this report reveals there is still room for improvement. Forces must look closely at the controls in place to prevent misuse and abuse. With the potential introduction of Internet Connection Records (ICRs) as outlined in the Investigatory Powers Bill, the police will be able to access data which will offer the deepest insight possible into the personal lives of all UK citizens. Breach of such detailed information would be over and above the extent outlined in this report. In light of this and the extended findings of our report we propose five policy recommendations. These recommendations will address concerns we have with the increased levels of data the police will have access to, they also propose more stringent methods of dealing with data breaches including a move towards error reporting and notification for the individual whose data has been breached and they ask in light of the recent vote to Brexit that the forthcoming General Data Protection Regulations are adopted despite our separation from the European Union.
Our recommendations are:
1. The introduction of custodial sentences for serious data breaches.
2. Where a serious breach is uncovered the individual should be given a criminal record.
3. The mandatory reporting of a breach that concerns a member of the public.
4. The removal of Internet Connection Records from the Investigatory Powers Bill.
5. Adoption of the General Data Protection Regulations.
UK Police Accessed Civilian Data for Fun and Profit, New Report Says [Joseph Cox/Motherboard]