Matt Gaw, East Anglian Daily Times |
TWO police officers have resigned and another two staff members sacked after allegations of data protection breaches at Suffolk Constabulary, it can be revealed.
Force bosses said the unlawful use of personal or police information “would not be tolerated” after figures obtained by the East Anglian Daily Times showed 66 suspected cases of non-compliance with the Data Protection Act.
But pressure groups described the alleged breaches as “deeply concerning” and questioned why some of the cases had not been handed over to the Information Commissioner’s Office (ICO) — an independent authority set up to uphold information rights.
The cases, which span three years, include one in 2010 when a police officer resigned after an allegation of unlawfully obtaining, using or disclosing personal data.
In the same year an officer stood down after an accusation that the police system had been used for a “personal reason”.
Two staff members also resigned following suspected breaches in 2010 and another was sacked in 2011 after an allegation of unlawfully accessing and disclosing police information.
A second staff member was dismissed in 2011 after all allegation of “suspected unlawful disclosure of police information by PCSO for non-police purposes.”
Over the three years a number of other possible breaches, flagged up by the force after random and targeted monitoring, resulted in written warnings, “tightening of procedures” and “words of advice”.
In 14 cases, there was said to be no evidence of a breach while 16 others are still under investigation by the force’s Professional Standards Department.
A spokesman for Big Brother Watch, who campaign to protect individual privacy and defend civil liberties, said: “The breaches, or suspected breaches, are deeply concerning – particularly given that if people’s privacy is intruded on by wrongful use of the police database it is a criminal offence under the Data Protection Act.”
He added that anyone suspected of serious data protection breaches should be reported to the ICO, to prevent potential misuse of personal data being “swept under the carpet.”
A spokeswoman for Suffolk police said that there are no set procedures by which to notify the ICO but added that if a breach could be resolved by the Constabulary in a way that satisfied all parties it would probably not be necessary to contact the watchdog.
In all of the cases released to the East Anglian Daily Times, it was judged that none warranted ICO notification.
But a force spokeswoman added: “Breaches of the Data Protection Act are taken extremely seriously by Suffolk Constabulary and all staff are aware of the role they have to play in ensuring data is recorded, managed and shared appropriately, and the importance of maintaining confidentiality and respecting the rights of the public over personal information.
“The Constabulary undertakes both random and targeted monitoring of access to information, providing both a deterrent and detection function.
“The basic principles of good information management impact on every aspect of our business and as such are applicable to all staff to ensure they are using information in the right way. There is comprehensive information given to staff giving guidance as to their duties and responsibilities around information management.”
She added: “Any breaches of the Data Protection Act or Force policy by staff will not be tolerated by the Constabulary and if individuals are found to be misusing the privileged access they have to information, they will be subjected to disciplinary action and possibly face criminal proceedings.”
A spokesman for the ICO said: “Police officers and civilian staff can have access to substantial collections of often highly sensitive personal information.
“It is important that they do not abuse this access and only use the information for their policing duties. We expect police forces to make substantial proactive efforts to check that any access to their records is for legitimate police purposes and to take action where they discover wrongdoing.
“Public officials who abuse their positions can face serious consequences including criminal prosecution under the Data Protection Act.”