UK police investigated nearly 800 cases of misuse of data by staff last year, but the figure could be a reflection of improved scrutiny and internal monitoring, according to Huntsman Security.
The SIEM vendor sent FOI requests to 45 police forces across the UK, 11 of which didn’t hand over any information.
It found that between 1 January 2016 and 10 April 2017, 34 forces undertook a combined total of 779 cases of potential misuse of data by personnel.
There were 603 confirmed investigations last year and 176 in the first 100 days of 2017. Given that several forces weren’t able to reveal details of ongoing cases this year, it’s likely that the figure will be even higher.
On the face of it, the stats would seem to suggest a worryingly high number of cases where police and staff have flouted data protection laws and infringed on the privacy rights of citizens.
However, Huntsman believes the figures should be viewed more positively.
All 34 forces taking part in the FOI study claimed to have implemented plans to ensure they can investigate such internal misdemeanors, as per the recommendations of the PEEL: Police Legitimacy 2016 report.
All but one of them have also rolled out IT monitoring tools designed to flag when systems are being misused by staff, the findings continued.
Huntsman Security head of product management, Piers Wilson, sought to downplay concerns over the expanded surveillance and data collection powers law enforcers have been granted via the Investigatory Powers Act.
“In some ways the research highlighting the steps that are being taken to improve monitoring and oversight, coupled with the fact that forces are clearly identifying cases of misuse, should actually give confidence in their ability to handle sensitive intelligence and personal information - however it was gathered or received,” he told Infosecurity Magazine.
“No matter the volume of information the police can view, and how they receive it, they must be able to demonstrate that it is only being used for its intended purpose. The same holds true for any organisation with access to sensitive data – they must expect to be held account, whether by their customers or the authorities, and to demonstrate that they are following the most rigorous standards possible.”
However, a Big Brother Watch report from 2016 uncovered widespread cases of police and staff abusing their position to access data inappropriately.
Receiving a 95% response rate from all UK forces, it found a total of 2,315 recorded incidents of data breaches between June 2011 and December 2015, either by police or civilian staff.
Over 800 individuals accessed personal info without a policing purpose and over 800 shared information “inappropriately” with third parties during the period.
In more than half (55%) of the cases no disciplinary action was taken.