UK Cops Responsible for 2000+ Data Breaches in Four Years

Over the past four years UK police have suffered over 2300 data breaches as a result of insiders abusing their position, according to a new report from Big Brother Watch.

The rights group sent a Freedom of Information request to all forces in the UK back in January requesting information on breaches and received a 95% response rate.

It found a total of 2315 recorded incidents of data breaches between June 2011 and December 2015, either by police or civilian staff.

Over 800 individuals accessed personal info without a policing purpose and over 800 shared info “inappropriately” with third parties during the period.

Some individuals accessed data for financial gain and even passed information on to organized crime groups, the report claims.

Shockingly, more than half (55%) of the cases resulted in no disciplinary action being taken, only 11% ended up in a written or verbal warning, and just 3% resulted in a criminal conviction or caution. In 13% of cases the individual resigned or was sacked.

West Midlands Police was by far the worst offender when it came to data breaches in the period, recording 488.

The top five were rounded out by Surrey Police (202), Humberside Police (168), Avon and Somerset Police (163) and Greater Manchester Police (100).

In response to the report, Big Brother Watch is calling for a custodial sentence and criminal record for anyone working for the police found guilty of a serious breach.

The group also argued that any breach involving a member of the public should be reported within 90 days.

More ambitiously, Big Brother Watch said the volume of data breach incidents related to the police proves that plans to allow them access to internet connection records in the forthcoming Snoopers’ Charter should be scrapped.

“Police forces are already struggling to keep the personal information they can access secure. It is clear that the addition of yet more data may just lead to the risk of a data breach or of misuse,” the report claimed.

Finally, the report calls for the UK to continue with plans to adopt the EU General Data Protection Regulation (GDPR), to provide a “comprehensive, forward thinking approach to data protection” which will help keep businesses and individuals safe.

Justine Cross, regional director at data security vendor Watchful Software, argued that proper data classification, restrictive access controls and encryption would all have helped minimize the number of data breaches disclosed by Big Brother Watch.

“The fact that hundreds of officers have also apparently routinely misused their privilege to access data inappropriately means a stronger hand is clearly needed in educating forces on data policy and the consequences of bad practice,” she added.

“Until a stricter approach to handling data is brought in across the board, police forces will continue to have their credibility undermined by these cases of poor practice.”
