The Police Federation’s head of misconduct has revealed that a large number of the police force are “persistently” committing data breaches.
Fears have arisen that the police force are using technologies like the Police National Computer (PNC) and the Automatic Number Plate Recognition (ANPR) “for non-work related reasons”, according to the Police Federation.
And it’s happening all the time.
The Police Federation’s eagle eyes
The Police Federation of England and Wales is a statutory staff association for the police force with approximately 124,000 members. Under the Police Act 1996, police officers are prohibited from joining an ordinary trade union as a police strike would pose an exceptional public safety risk.
The Federation’s Deputy General Secretary, Andy Ward, warned potential perpetrators that computer misuse is a serious issue, and if officers commit data protection breaches – outside of lawful policing purposes – they are likely to face “very significant penalties”.
PNC and PND databases
The PNC is an electronic database that’s used by law enforcement organisations across the UK *. The main databases are:
- Names file
- Vehicle file
- Drivers file
- Property file
According to the National Policing Improvement Agency (NPIA) (2009), it stores 9.2 million personal records, 52 million driver records, 55 million vehicle records and 185 million transactions that were made in the past 12 months.
It allows the police force to have 24/7 access to the database; providing local and national information where applicable. Records are kept on file even if the person interacting with the police are found guilty or not.
In 2011, the Police National Database was introduced. This gives officers authority to share information on around 15 million people. To put that into context, that’s around a quarter of the British population.
The database is seen as a treasure trove. It contains a wealth of information on the British public; not just criminals.
Computer misuse
Computer misuse is also governed by the Computer Misuse Act 1990. Misuse offences include:
- Unauthorised access to computer material.
- Unauthorised access with intent to commit or facilitate commission of further offences.
- Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
- Unauthorised acts causing, or creating risk of, serious damage.
- Making, supplying, or obtaining articles for use in offence under 1, 3 and 4.
The Federation notes that criminal misuse has been an issue for years. According to The Register, the number of Metropolitan Police officers investigated for misusing a police database has doubled between the years 2008-2013.
Since 2009, 76 officers in London were investigated for misusing the PNC. In 2013, 2 officers “resigned/retired” following investigations, and in 2011, 2 officers were dismissed without notice.
‘Trained’ in accordance with the Data Protection Act
Although the Metropolitan Police Spokeswoman insists that all employees are trained in accordance with data protection laws…
“…the Metropolitan Police Service (MPS) expects its staff to behave professionally, ethically and with the utmost of integrity at all times. Any instance where the conduct of our staff brings the MPS into disrepute is treated extremely seriously in line with MPS policy.”
In reality, it doesn’t seem as though the training has drilled in the importance of data protection.
Lack of transparency
The databases are criticised for its lack of transparency that can unfortunately lead to an abuse of the system, evidently shown above.
* List of organisations that have full access to the PNC:
- All territorial police forces of Great Britain
- Police Service of Northern Ireland (PSNI)
- British Transport Police (BTP)
- Police Service of Scotland
- Civil Nuclear Constabulary
- Isle of Man Constabulary
- States of Jersey Police
- States of Guernsey Police Service
- National Identification Service (NIS)
- National Crime Agency (NCA)
- Ministry of Defence Police (MDP)
- HM Revenue & Customs
- The Security Service (MI5)
- Secret Intelligence Service (MI6)
- Government Communications Headquarters
- Defence Intelligence Staff
- Department for Work and Pensions
- Association of Chief Police Officers (ACPO)
List of organisations that have restricted access:
- HM Court Service
- Probation Service
- Criminal Records Bureau
Sources:
http://webarchive.nationalarchives.gov.uk/20130402174424/http:/www.npia.police.uk/en/docs/NPIA_Annual_Report_and_Accounts_2009-10.pdf
http://www.dailymail.co.uk/news/article-1145581/Body-charge-UK-policing-policy-18m-year-brand-charging-public-70-60p-criminal-records-check.html
https://www.theregister.co.uk/2017/03/22/coppers_persistently_breaching_data_protecton_laws_with_pnc_and_anpr/
https://www.theregister.co.uk/2013/06/18/dozens_of_london_cops_investigated_for_misusing_controversial_police_database/
http://www.inbrief.co.uk/police/police-national-computer/