UK Police forces have investigated as many as 779 instances of abuse of IT systems and sensitive personal data by its own personnel since January of last year.
A Freedom of Information request has revealed that UK police personnel inappropriately handled sensitive data between January 1st, 2016 and April 10th 2017.
The PEEL: Police legitimacy 2016 report, that aims to determine how forces treat people with fairness and respect and whether they are acting fairly and lawfully, has revealed that almost half of the police forces were unable to audit or monitor use of all of the forces’ IT systems.
This has impacted the forces’ ability to spot officers or staff who may be accessing force systems to identify vulnerable victims. An exception to this rule was the South Yorkshire Police who scanned phone numbers dialled from force mobiles and landlines to identify and punish errant personnel.
‘We were disappointed to find that almost half of forces do not have either the capability or the capacity to monitor and audit IT systems. Of those who do have the software required, many do not have the resources in their units to use it proactively,’ the report said.
The report applauded the Merseyside Police for setting up a dedicated audit team which ‘can audit and live-monitor IT use by any individual anywhere in the force’. ‘The team’s work has contributed to corrupt officers and staff being
identified, prosecuted and sent to prison for serious criminal offences,’ it added.
A Freedom of Information request filed by security firm Huntsman Security has revealed that between January 1st 2016 and April 10th 2017, there were as many as 779 instances of UK police personnel misusing sensitive and internal data. As many as 603 cases of potential misuse of data were identified by the report in 2016 alone. In the first 100 days of this year, the number of such cases was 176.
‘If there is any prospect of the safety and security of information being at risk, then every action should be taken to safeguard it before damage is done. The PEEL report highlighted that forces cannot rely on abuses being reported,’ said Peter Woollacott, CEO, Huntsman Security.
‘Implementing systems that don’t themselves intrude on privacy, but can identify when someone is accessing data that they shouldn’t be, is a good way for forces to ensure all personnel are behaving in an ethical manner when it comes to sensitive data,’ he added.
The PEEL: Police Legitimacy 2016 report has also revealed that the UK police forces are taking active steps to plug such issues and to ensure that employees do not misuse internal data. The report says that investigations are time-intensive and expensive and the focus should be on prevention to reassure the public that there is no tolerance towards abuse of authority.
‘In some forces, this lack of more active intelligence-gathering results from insufficient capacity and capability within counter-corruption units. Forces must address this situation urgently, so they can tackle this type of corruption early and in doing so prevent vulnerable people from being abused,’ it added.
‘These statistics underline just how complicated data protection really is. Regardless of whether they are a police force or a pension fund, all organisations need to make sure that their data is being stored and used correctly by all personnel. Critically, they need to be able to continuously monitor to ensure that this is the case,’ Woollacott added.