UK police forces have strengthened their security practices after an independent report revealed that hundreds of police and civilian staff abused their positions to gain unauthorised access to data.
Civil liberties group Big Brother Watch discovered 2,315 recorded data breaches at UK police forces between June 2011 and December 2015. More than 800 individuals accessed personal info without an official purpose and many shared information “inappropriately” with third parties, including organised crime groups.
Since then, there has been plenty of evidence that police forces have taken steps to mitigate data misuse. Computer Weekly reports that Huntsman Security sent a Freedom of Information request to all police forces earlier this year, finding 779 cases of potential misuse between January 2016 and April 2017. That represents about seven more cases a month being discovered.
Stronger penalties are needed
According to Computer Weekly, all of the police forces that responded to Huntsman Security’s request confirmed that they have implemented plans to increase their capability and capacity to seek intelligence on potential abuse of authority by staff. For all but one of those forces, those plans include monitoring IT systems to make sure they aren’t being used for unethical purposes.
Despite this, Big Brother Watch maintained that the problem isn’t about being aware of data misuse but doing enough to deter malicious insiders. According to the report, only 45% of those caught mishandling data were disciplined.
Big Brother Watch called for all police staff found guilty of a serious breach to be given a custodial sentence and criminal record. The group also advises UK police forces to comply with the EU General Data Protection Regulation (GDPR), which will provide a “comprehensive, forward thinking approach to data protection”.
Commenting on the report, Justine Cross, regional director at data security vendor Watchful Software, said: “The fact that hundreds of officers have also apparently routinely misused their privilege to access data inappropriately means a stronger hand is clearly needed in educating forces on data policy and the consequences of bad practice.
“Until a stricter approach to handling data is brought in across the board, police forces will continue to have their credibility undermined by these cases of poor practice.”
Comply with the GDPR
The GDPR takes effect on 25 May 2018 and applies to all organisations that handle EU residents’ personal data. A key part of compliance is staff awareness and education.
Our GDPR Staff Awareness E-learning Course introduces the Regulation and its key requirements to your employees, including those whose job involves processing and storing personal data, and non-technical staff.
The course outlines the scope of the GDPR, its six principles for collecting and processing personal data and how you can apply those in practice – from handling and requesting data to reporting breaches.