Information Commissioner's Office
ICO issues reprimand to the Metropolitan Police Service for inadequate handling of files related to organised crime groups
The Information Commissioner’s Office (ICO) has issued a reprimand to the Metropolitan Police Service (MPS) following several issues identified around their uploading, amending and deleting of various criminal intelligence files relating to Organised Crime Groups (OCG).
The breach is reported to have happened between April and July 2020. It was first identified that a coding issue had occurred on the Police National Database (PND), resulting in a small set of test data being inadvertently introduced to the live system. This caused some files to be rejected, an issue that went unnoticed by the MPS for a considerable amount of time.
Following this, a second incident was discovered whereby sensitive files that had already been loaded on to the PND were not being updated correctly, again going unnoticed by MPS.
Once these two issues had been resolved, the MPS then discovered that OCG records had remained on the system when they should have been deleted.
Despite no records being lost, the incidents did lead to information not being available and not correctly updated or deleted from the database. This consequently resulted in the ICO taking action and issuing a reprimand to the MPS.
“Dealing with any personal information should be done so with the utmost care. This is of particular importance to the MPS, which handles sensitive information directly relating to criminal activity.
“This reprimand reflects the ICO’s wider powers, including issuing reprimands and sharing good practice, to encourage greater compliance and empower organisations to use people’s data responsibly.”
- Stephen Eckersley, ICO Director of Investigations
The Commissioner recommended that the MPS should take certain steps to ensure its compliance with data protection law, including:
- Reviewing how its codebase is managed and looking at better protecting deployment code branches, ensuring code reviews take place before deployment, and training staff members in these practices, as well as assessing and updating code branches to ensure further protection and to prevent code being inadvertently added to live systems.
- Better documenting how code is to be tested, reviewed, and deployed in order to establish best practices, in particular, when this involves software that processes potentially sensitive data.
The ICO is satisfied that the MPS has complied with the recommendations of the reprimand.
Notes for editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
- The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- To report a concern to the ICO, call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.
Original article link: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/03/ico-reprimand-metropolitan-police-service/