The Information Commissioner’s Office (ICO) has released the details of a prosecution and a police undertaking after private and sensitive information was intentionally leaked on social media platform Twitter.
William Godfrey from Kent had been in a relationship with a probation officer when he came into possession of a USB data stick containing sensitive data. He later tweeted some of the sensitive data on the USB device and threatened to release more data as well.
For their part, Surrey Police signed an undertaking to improve their data protection policies and procedures.
According to the ICO release, the name and address of a vulnerable adult was posted together with health and sex-life data. The man also threatened to publish a 40-page document containing further information, including details about a sexual offence victim.
He had also tweeted, under a separate account, further information to the Surrey Police twitter handle as well.
Despite being asked by the ICO to hand over the USB device and not publish the data, Godfrey refused to do so leading to an injunction being taken out against him. In court, he admitted to breaching the Data Protection Act and was subsequently handed a 12-month conditional discharge (which means if he breaks the law again within a year then he’ll be punished).
Police data protection breaches
Police data protection breaches from leaks and the misuse of private information are not uncommon. Reports and research has been done by experts and watchdogs who have found there is a long-standing history of data protection issues that involve the police. They range from cases like this one where data is not looked after properly and falls into the wrong hands, to the abuse of powers to search police databases for information without appropriate authorisation or reason.
At the end of the day, the police are not above the law. If a data protection breach happens because of a police data leak or a police data protection breach, a victim can be entitled to compensation in the same way anyone else can.
Vigilance about what you post on social media
A lot of people still fail to appreciate that the law applies to social media platforms like Facebook and Twitter. You can be responsible for a data protection breach if you release data on Facebook or Twitter that breaches the law.
Head of enforcement at the ICO, Steve Eckersley, stated this important fact:
“People should always be careful about what they share on social media, both about themselves and others. But when it’s sensitive and confidential personal information that they have no right to see or possess in the first place, then we will not hesitate to take action to protect people’s rights.”