UK police forces taking action to quash data misuse

With nearly 800 reported incidents of potential data misuse by police in less than 16 months, at least 34 police forces are taking steps to improve monitoring systems to address this problem

UK police forces detected and investigated at least 779 cases of potential misuse of data by personnel between 1 January 2016 and 10 April 2017, a Freedom of Information (FOI) request has revealed.

However, this appears to have prompted most to follow recommendations to address the issue, although 10 of the 45 police forces failed to respond to the FOI request by Huntsman Security and one failed to provide any information.

All of the forces that responded to the FOI request confirmed they have implemented plans to ensure they have the capability and capacity to seek intelligence on potential abuse of authority by staff.

For all but one of the 34 forces, those plans include monitoring IT systems to ensure they are not being accessed or used for unethical purposes.

The findings come in the wake of the Police Legitimacy 2016 report, which found that forces needed to do more to investigate and prevent staff abuse of IT systems and sensitive personal data, in order to protect the legitimacy of, and trust in, the police.

“Public trust and legitimacy is critical for the police: without these, a modern police force risks losing the confidence of the people it aims to serve,” said Peter Woollacott, CEO of Huntsman Security.

“If there is any prospect of the safety and security of information being at risk, then every action should be taken to safeguard it before damage is done,” he said.

The police effectiveness, efficiency and legitimacy (Peel) report highlighted that forces cannot rely on abuses being reported, said Woollacott.

“Implementing systems that don’t themselves intrude on privacy, but can identify when someone is accessing data that they shouldn’t be, is a good way for forces to ensure all personnel are behaving in an ethical manner when it comes to sensitive data,” he said.

Peel report on ethics

Published in January 2017, the Peel report investigated whether police forces and personnel were treating their privileged status ethically, and how this affected their legitimacy. The investigation reviewed issues such as whether personnel were accessing and abusing forces’ stored personal data – and found more than a third (37%) of forces ‘required improvement’.

The report stated that “many [forces] need to improve their ability to seek out intelligence” on the subject, rather than waiting for complaints from members of the public or from within the organisation.

While there were 603 investigations into data misuse in 2016, there were 176 in the first 100 days of 2017 alone. Because some forces were unable to reveal the number of cases in 2017 due to ongoing investigations, it is likely that the true figure will be higher.

Given that one of the recommendations from the Peel report was the implementation of better monitoring systems, the hope is that police forces will continue to become more adept at identifying misuse of systems and applications.

“The fact that so many potential cases were reported shows this is still a serious problem. However, it is very encouraging to see forces taking concrete steps to address the issue,” said Woollacott.

“These statistics underline just how complicated data protection really is. Regardless of whether they are a police force or a pension fund, all organisations need to make sure that their data is being stored and used correctly by all personnel. Critically, they need to be able to continuously monitor to ensure that this is the case,” he said.

Preparations for GDPR compliance deadline 

With just 10 months to go before the EU General Data Protection Regulation (GDPR) compliance deadline, another survey has revealed that although 50% of IT executives at large UK firms are taking steps to prepare for GDPR compliance, 30% still believe the regulation will not affect them, and 20% are not sure what to do next.

This is despite the fact that the UK data protection regulator, the Information Commissioner’s Office (ICO), has said repeatedly that UK businesses must comply and that Brexit makes no difference.

The survey also revealed that 80% of respondents said they face major challenges, including seeking increased security and governance around cloud environments such as Microsoft Office 365. While 45% of respondents have nominated a member of a specific departmental function to be solely dedicated to privacy and GDPR initiatives, 20% said they have not yet considered selecting a nominated person and 35% think it will be a challenge to find a suitably qualified and experienced individual.

The increased financial impact of fines and the expected frequency of their enforcement are a major concern for most of those surveyed, with an overwhelming 90% of respondents indicating that a non-compliance fine would result in huge reputational damage for their organisation and a loss of trust from customers, suppliers and staff.