Safe in Police hands? How Police Forces suffer 10 data breaches every week and still want more of your data. A Big Brother Watch Report July 2016 Contents Executive Summary ............................................................................................................................ 3 Key Findings ........................................................................................................................................ 4 Notable Incidents ............................................................................................................................... 5 Policy Recommendations ................................................................................................................... 6 Table 1: Top 10 Police Forces ............................................................................................................. 8 Data Protection and the Police .......................................................................................................... 9 Table 2: Full Force Breakdown ......................................................................................................... 12 Appendix 1: Methodology ............................................................................................................. 134 Appendix 2: Original Freedom of Information Request................................................................ 135 About Big Brother Watch ............................................................................................................... 137 2 Executive Summary The job of the police is to protect us and in a digital society that also means protecting our data. We need to be able to trust those in authority with our personal information, unfortunately that trust is being regularly undermined. Safe in Police hands? shows that between June 2011 and December 2015 there were at least 2,315 data breaches conducted by police staff. Over 800 members of staff accessed personal information without a policing purpose and information was inappropriately shared with third parties more than 800 times. Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups. The findings of the report reveal a number of types of data breach from improper disclosure of information, accessing police systems for non-policing purposes, inappropriate use of data and accessing data for personal reasons. Data is the driving force of society now, any of the examples highlighted pose a threat to the privacy and security of individuals. Digital by default is the future for the country. In response to this the levels of data the police handle will increase. Whilst there have been improvements in how forces ensure data is handled correctly this report reveals there is still room for improvement. Forces must look closely at the controls in place to prevent misuse and abuse. With the potential introduction of Internet Connection Records (ICRs) as outlined in the Investigatory Powers Bill, the police will be able to access data which will offer the deepest insight possible into the personal lives of all UK citizens. Breach of such detailed information would be over and above the extent outlined in this report. In light of this and the extended findings of our report we propose five policy recommendations. These recommendations will address concerns we have with the increased levels of data the police will have access to, they also propose more stringent methods of dealing with data breaches including a move towards error reporting and notification for the individual whose data has been breached and they ask in light of the recent vote to Brexit that the forthcoming General Data Protection Regulations are adopted despite our separation from the European Union. Our recommendations are: 1. The introduction of custodial sentences for serious data breaches. 2. Where a serious breach is uncovered the individual should be given a criminal record. 3. The mandatory reporting of a breach that concerns a member of the public. 4. The removal of Internet Connection Records from the Investigatory Powers Bill. 5. Adoption of the General Data Protection Regulations. These recommendations, we believe, will help give members of the public reassurance that their personal information will be kept secure, those handling it know what their responsibilities are, any misuse of it will be punished and you will be informed if your data has been breached or misused. 3 Key Findings All figures for the period 1st June 2011 – 31st December 2015 unless otherwise stated  In the past 5 years there have been 2,315 breaches in police forces, including the following: o o 869 (38%) instances of inappropriate/unauthorised access to information 877 (38%) instances of inappropriate disclosure of data to third parties.  25 cases involved misuse of the Police National Computer  1283 (55%) cases resulted in no disciplinary or formal disciplinary action being taken.  297 (13%) cases resulted in either a resignation or dismissal.  70 (3%) cases resulted in a criminal conviction or a caution.  258 (11%) cases resulted in either a written or verbal warning 4 Notable Incidents Cleveland Police - A special constable was dismissed for passing confidential information in relation to a detainee to a relative. Metropolitan Police - An officer found the name of a victim amusing and attempted to take a photo of his driving licence to send to his friend via snapchat. The officer resigned during disciplinary action. Essex Police - An officer has been suspended and is under investigation for abusing his position to form relationships with a number of females. It is suspected that he carried out police checks without a policing purpose. Greater Manchester Police - An officer informed an individual they were to be arrested. In response management action was taken. Merseyside Police - An officer inappropriately shared information. Allegation that officer has breached force confidentiality by attending a fellow officer’s house and informing him that a sex offender lived in his road. As a result of his actions the information was passed to a third party outside the organisation North Yorkshire Police - Unidentified officer left paper file containing sensitive data in raided property. No action was taken as the officer could not be identified. South Yorkshire Police - It is alleged that whilst off duty, an officer has used mobile device to conduct a check on a vehicle. In response advice was given to the officer in question. South Wales Police - An officer was dismissed without notice for photographing and disseminating restricted documentation for personal gain. Dyfed Powys Police - An officer passed a USB device to a member of the public. It contained sensitive police information, including intelligence reports, emails and public information letters relating to crime. In response informal action was taken by the force. 5 Policy Recommendations 1. The introduction of custodial sentences for serious data breaches. Existing penalties for serious data breaches are not a strong enough deterrent. Anyone found guilty of a serious breach should be subject to a potential custodial sentence. Making the breach of Section 55 of the Data Protection Act 1998 (DPA) punishable with a custodial sentence already exists in the form of Section 77 of the Criminal Justice and Immigration Act 2008. Enacting this currently dormant piece of legislation would show that the Government is serious about safeguarding people’s privacy in a data driven society. The introduction of custodial sentences as a punishment for serious data breaches was recently supported by the Culture, Media and Sport Select Committee in their June 2016 report Cyber Security: Protection of Personal Data Online. The Committee were clear in their recommendations that “it would be useful to have a full range of sanctions including custodial sentences.” They went on to support the calls for Section 77 and Section 78 of the Criminal Justice and Immigration Act to be enforced. The Committee are in a long line of supporters, including the Information Commissioner’s Office (ICO), the Justice Select Committee, the Home Affairs Select Committee, the Science and Technology Committee, the Joint Committee on the Draft Communications Data Bill, Lord Leveson in the Leveson Review and Stephan Shakespeare in his 2013 independent review of public sector information. 2. Where a serious breach is uncovered the individual should be given a criminal record. At present people who carry out a serious data breach are not subject to a criminal record. They could resign or be dismissed by an organisation only to seek employment elsewhere and potentially commit a similar breach. In organisations which deal with highly sensitive data, knowing the background of an employee is critical. 3. The mandatory reporting of a breach that concerns a member of the public. We expect the police to properly protect the information they hold about us. When this fails we should have a right to know what has happened and why. Whenever a breach occurs the people affected should be informed as soon as possible – should the breach have occurred as part of an investigation, the error notification should take place within 90 days of the investigation being completed. This will allow the person to take action to mitigate the breach and seek redress. 4. The removal of Internet Connection Records from the Investigatory Powers Bill The scale of breaches within police forces should pose major questions regarding the plans to allow police officers access to even more personal information through Internet Connection Records proposed in the IP Bill. The information the police will have access to under these powers is vast. Police forces are already struggling to keep the personal information they can access secure. It is clear that the addition of yet more data may just lead to the risk of a data breach or of misuse. 6 5. Adoption of the General Data Protection Regulations. Data protection law will be a fundamental part of keeping people and businesses safe. The Information Commissioners Office have been clear that if the UK wants to trade with the Single Market “on equal terms” data protection standards “would have to be equivalent to the EU’s General Data Protection Regulation framework” which will begin in 2018. A weakening of data protection law post Brexit would put the UK at risk, in terms of trade, security and data privacy. The General Data Protection Regulations would provide a comprehensive, forward thinking approach to data protection which would the UK would be wise to adopt. 7 Table 1: Top 10 Police Forces No. 1 Police Force West Midlands Police Number of Data Breaches 488 2 Surrey Police 202 3 Humberside Police 168 4 Avon and Somerset Police 163 5 Greater Manchester Police 100 6 North Yorkshire Police 98 7 Cheshire Constabulary 85 8 Dorset Police 81 8 Kent Police 81 9 Merseyside Police 77 10 West Mercia Constabulary 73 8 Data Protection and the Police The Data Protection Act 1998 The Data Protection Act 1998 (DPA) governs how personal data should be gathered, stored and used responsibly. The Act defines what “personal data” is and presents eight data protection principles which ought to be adhered to. In short information should only ever be collected for “legitimate purposes”, it must only ever be used for specified and lawful purposes, should not be kept longer than is necessary and should be protected from unauthorised or unlawful processing loss, destruction or damage. Data used by the police can be acquired without the consent of the individual but the police are still required to adhere to Section 55 of the Act which makes it an offence to unlawfully obtain personal data. However, the most severe penalty which can be issued under Section 55 is a maximum fine of £500,000. Big Brother Watch, alongside many other bodies, has long called for custodial sentences to be introduced into the Data Protection Act to address the weakness of Section 55. Custodial sentences would provide a real deterrent to those who misuse personal information. Whilst fines may appear to be adequate, there is a broad opinion that they are not strong enough to stop someone intentionally breaching the Act. Furthermore they do very little to raise awareness amongst staff about the impact a breach can have on an individual. The ability to change this has already been legislated for. Under Section 77 of the Criminal Justice and Immigration Act 2008 Ministers can amend the DPA to give the courts the option of handing down custodial sentences of up to 2 years for the most serious offences. Police and Personal Information The repeated shortcomings of the police when it comes to keeping personal information secure are well publicised by both the press and in commissioner reports. Examples of high profile cases include the failure of the British Transport Police to properly implement a system of deletion for out of date records, resulting in almost 11,000 intelligence reports not being removed and 10,000 boxes of personal information being held in archives1. Kent Police were fined £100,000 in March 2015 after leaving hundreds of evidence tapes and additional documents at the site of an old police station. The breach was only discovered after an officer visited the new owner of the premises and discovered them by accident. In a similar incident South Wales Police were fined £160,000 in May 2015 for losing a video recording which formed part of the evidence in a sexual abuse case. Due to a lack of training the loss went unreported for two years. 1 th BBC News, ‘Poor’ British Transport Police data ‘risks safety’, 19 January 2015: http://www.bbc.co.uk/news/uk-wales-30847519 9 In his last report the former Biometrics Commissioner painted a picture of confusion within the police when he revealed that Officers and staff routinely don’t understand their responsibilities to personal information, and that data is being deleted before time or retained longer than permitted. Police and Facial Biometrics Most of us imagine data to be written information but images are classed as data also. The unregulated uploading of custody photos by the Metropolitan Police to the Police National Computer caused outrage in February 2015. The revelation made in the Science and Technology Committee’s Biometrics report led to the then Biometrics Commissioner warning that “hundreds of thousands” of innocent people were now on the database2. The Committee called for regulation3, but at the time of publication no moves towards regulation have been made by the Home Office and images are still being uploaded, with facial biometric methods being increasingly used at large scale public events including music festivals such as Download in Leicestershire. Police and Data Protection The police are under a statutory responsibility to comply with the Data Protection Act 1998. The College of Policing are clear that data protection is a “core requirement to support effective policing”. It is mandatory that all police and civilian staff receive a basic level of data protection training the extent of that training is not clear. Further training is provided should an individual’s data responsibilities increase. It is not a mandatory requirement for the police to report data breaches to the Information Commissioners Office. Guidance has been produced by the Information Commissioners Office to help forces decide when it may be appropriate to report an incident. In addition many forces prepare their own internal guidance and procedures for such an event. The Investigatory Powers Bill The Investigatory Powers Bill was laid before Parliament in March 2016, following detailed scrutiny of a draft Bill published in 2015. The Bill as a whole will give the intelligence agencies, police and other bodies’ access to greater levels of personal data and information. A number of powers such as equipment interference (better known as hacking) and the bulk collection of our communications data have been avowed. Only one new power, the collection of Internet Connection Records (ICRs) has been created. ICRs are the retention of the websites we visit by our telecommunications services for 12 months. Not only will they list the websites a person has accessed but they will show when and what device was used as well as enabling IP address resolution – a power which many think would be possible if the UK invested in updating the current IP address technology. 2 rd BBC News, ‘Innocent people’ on police photos database, 3 February 2015: http://www.bbc.co.uk/news/uk31105678 3 th Science and Technology Committee, Current and future uses of biometric data and technologies, 25 February 2015, p. 34: http://www.publications.parliament.uk/pa/cm201415/cmselect/cmsctech/734/734.pdf 10 It has been argued by the Home Secretary Theresa May MP, that ICRs are the modern day equivalent of a phone bill. A description which has been roundly derided; a phone bill details the process of a one to one communication, whereas ICRs by the very nature of the internet detail one to many communications. The websites we visit can reveal a wide range of information about use; including our health and finances, our sexuality, race, religion, age, location, family, friends and work connections. The legislation requires the telecommunications services subject to a technical capability notice to create systems capable of retaining the Internet Connection Records for 12 months. The companies must make this information available to law enforcement agencies on request in a readable format; so even if the information has been encrypted there will be a requirement to decrypt the data so it can be read. This runs counter to the promises made by many companies including Apple and WhatsApp who encrypt users communications as standard. Currently no other European or Commonwealth country requires the storage of web data in this form. No evidence has been presented to show why the UK is a special case or needs these powers more than any other country; the Government have expressed enthusiasm at leading the way with a new system. However they won’t be the very first, a similar system was built and used in Denmark in 2007; it was abandoned after 7 years when it failed to provide any useful results. Plans to reintroduce it were scrapped because of spiralling costs4. The power to collect, store and for the police to subsequently seek a warrant to access our online activity would create another vulnerability to our personal data and personal lives. The failure of the Government to demonstrate the need for the power means that there are no tangible benefits to set against the negative impact the power would have on our privacy. 4 rd EDRi, Danish government postpones plans to re-introduce session logging, 23 March 2016: https://edri.org/danish-government-postpones-plans-to-re-introduce-session-logging/ 11 Table 2: Full Force Breakdown Police Force Avon and Somerset Police Bedfordshire Police Total Number Data of Data Breaches Breaches Police/Civilian Outline of DPA breach 1 Administrative Mistake 44 Disclosure to third party Research person details for Information 98 own benefit 163 not broken Research person details for down 3 own benefit and Disclosure to a third party 17 Information not provided Police systems accessed for a non-policing purpose over a 1 Officer protracted period of time. Police information. Accessed police systems numerous times for a non1 Staff policing purpose. Police Information. 8 Accessed police systems for a 1 Officer non-policing purpose. Police Information. Accessed police systems for a 1 Staff non-policing purpose. Police Information. Accessed police systems for a 2 Officer non-policing purpose. Police 5 Action taken Resignation Conviction Information not broken down5 Dismissed at hearing. Criminal Caution No Yes Gross misconduct hearing - dismissed No No Misconduct meeting – Management advice No No No No No No Gross misconduct meeting – Final written warning Misconduct meeting – Written Warning Response Notes: 1 police officer and 7 police staff have been dismissed, 85 police officers and 61 police staff have been disciplined internally; this includes those dismissed, six police officers and 11 police staff have resigned. 12 1 Cambridgeshire Constabulary 6 Staff 1 Staff 3 Staff 1 Staff 3 Officer 11 Staff 1 Officer 2 Officer 1 Staff 2 Officer 16 Staff 30 Information. Accessed police systems for a non-policing purpose. Police Information. Inappropriately revealed sensitive information to a third party. Police Information Use of force IT systems for a non-policing purpose Disclosure of police information without cause or authority Use of force IT systems for a non-policing purpose Use of force IT systems for a non-policing purpose Use of force IT systems for a non-policing purpose Use of force IT systems for a non-policing purpose Use of force IT systems for a non-policing purpose Retired or resigned whilst under criminal investigation for potential breaches of Data Protection or breaches of internal procedures relating to data use. Information not broken down Misconduct meeting – first written warning No No Gross misconduct meeting – Final written warning No No Dismissed No No Dismissed No No No No No No No No No No No No Retired/Resigned Yes No No disciplinary action No No Disciplinary action – Written warning Disciplinary action – Final Written Warning Disciplinary action – Final Written Warning Disciplinary action Management advice Disciplinary action – First Written Warning Response notes: 5 incidents related to use of IT systems for a non-policing purpose and 1 incident related to the inadvertent passing of information to a suspect of crime. 13 Cheshire Constabulary 7 85 57 Officer 1 Police 10 Police 3 Police 1 Police staff 10 Police 1 Police 2 Police staff 1 Police 1 Police 2 Police 1 Police Information not broken down Passed on information from Police computer records to an unauthorised person Passed on information from Police investigation to an unauthorised person Background check on a person known to them Passed on information from Police investigation to an unauthorised person Passed on information from Police investigation to an unauthorised person Failed to protect confidential information Passed on information from Police investigation to an unauthorised person Passed on information from Police investigation to an unauthorised person Background check on a person known to them Background check on a person known to them Passed on information from Police computer records to an unauthorised person No disciplinary action No No Management action No No No case to answer No No No case to answer No No Management action No No Local resolution No No Local resolution No No No case to answer No No Management action No No No case to answer No No Resigned Yes No No case to answer No No Response notes: 5 incidents related to use of IT systems for a non-policing purpose and 1 incident related to the inadvertent passing of information to a suspect of crime. 14 1 Police staff 1 Police staff 1 Police staff 1 Police staff 1 Police 1 Police 4 Police staff 1 Police staff 1 Police staff 1 Police 1 Police staff 1 Police 1 Police Posted information relating to police purposes on social media site Background check on a person known to them Passed on information from Police computer records to an unauthorised person Caused the loss of personal information by sending information through a nonsecure network Passed on information from Police computer records to an unauthorised person Passed on information from Police computer records to an unauthorised person Passed on information from Police investigation to an unauthorised person Background check on a person known to them Background check on a person known to them Background check on a person known to them Background check on a person known to them Background check on a person known to them Passed on information from Police computer records to an 15 Dismissed No No Written warning No No Written warning No No Written warning No No Final written warning No No No case to answer No No Local resolution No No Final written warning No No Final written warning No No Management action No No Resigned Yes No No case to answer No No Not upheld No No 1 Police 1 Police staff 1 Police staff 1 Police 1 Police 2 Police 1 Police staff 1 Police staff 3 Police 1 Police 1 Police staff 1 Police 1 Police staff 1 Police staff unauthorised person Disclosed confidential information to a third party Passed on information from Police computer records to an unauthorised person Disclosed confidential information to a third party Disclosed confidential information to a third party Disclosed confidential information to a third party Disclosed confidential information to a third party Hacked into private Facebook account Disclosed confidential information to a third party Disclosed confidential information to a third party Obtained details from computer not for policing purpose Conducted check on police systems for a non-policing purpose Misuse of force computer systems Obtained details from computer not for policing purpose Obtained details from 16 Local resolution No No Resigned Yes No Local resolution No No Local resolution No No Upheld - management action No No Local resolution No No Not upheld No No Local resolution No No Not upheld No No Not upheld No No Not upheld No No Not upheld No No No Case to answer No No Resigned Yes No 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police computer not for policing purpose Threatened to disclose police information to a third party Disclosed confidential information to a third party Posted personal information on social media Disclosed confidential information to a third party Disclosed confidential information to a third party Posted personal information on social media Obtained details from computer not for policing purpose Posted personal information on social media Improper information held on PNC Disclosed confidential information to a third party Disclosed confidential information to a third party Passed on information from Police computer records to an unauthorised person Disclosed confidential information to a third party Posted personal information on social media 17 Not upheld No No Not upheld No No Local resolution No No Local resolution No No Not upheld No No Not upheld No No Not upheld No No Management action No No Not upheld No No Local resolution No No Not upheld No No Local resolution No No Local resolution No No Local resolution No No City of London Police Cleveland Police 4 17 1 Police 1 Police 1 Police 1 Police staff 1 Police 1 Police 1 Police 2 Information not provided 1 Special Constable 1 Police 3 Police 1 Police 3 Police 1 Support Staff Disclosed confidential information to a third party Disclosed confidential information to a third party Disclosed confidential information to a third party Disclosed confidential information to a third party Obtained details from computer not for policing purpose Inappropriate disclosure of information regarding another officer Inappropriate disclosure of information regarding another officer Not upheld No No Local resolution No No Local resolution No No Not upheld No No Management action No No Disciplined internally No No Resigned during disciplinary proceedings Yes No Neither are considered section 55 offences under the Data Protection Act Passed confidential information to a relative in relation to detainee Disclosed information to a third party Accessed information not for policing purposes View images, no policing reason Accessed information not for policing purposes Accessed documents and used information contained therein 18 Dismissed No No Resigned Yes No Written Warning No No Written Warning No No Resigned Yes No Resigned Yes No 2 Support Staff 1 Police 1 1 Police Police 1 Police 1 Police Cumbria Constabulary Derbyshire Constabulary Devon and Cornwall Police Accessed information not for policing purposes Passed information to a member of the public Discussed cases with a member of the public Party Accessed information not for policing purposes Accessed information not for policing purposes Written Warning Resigned before court case was heard No No Yes No Written Warning Resigned No Yes No No Final Written Warning No No Management Action No No Dismissed Disciplined internally Disciplined internally Resigned during disciplinary Resigned during disciplinary No disciplinary action No disciplinary action Convicted Convicted Dismissed Dismissed Disciplined internally Disciplined internally Resigned Resigned No No No No No No Yes No Yes No No No No No No No No Yes Yes No No No Yes Yes No No No No No No No response 47 67 1 7 2 Police Police Civilian Information not provided Information not provided Information not provided 1 Police Information not provided 2 32 2 2 3 3 2 25 21 3 6 Civilian Police Civilian Police Civilian Police Civilian Police Civilian Police Civilian Information not provided Information not provided Information not provided Information not provided Information not provided Information not provided Information not provided Information not provided Information not provided Information not provided Information not provided 19 Dorset Police 1 Police 1 Civilian 4 Officer 1 Staff 3 Officer 1 Staff 7 Officer 13 Staff 8 Officer 81 2 Staff 30 Officer Shared information from witness statement with another witness PCSO disclosed information about family member during enquiries Inappropriate access to/and or disclosure of personal data to a third party Inappropriate access to/and or disclosure of personal data to a third party Inappropriate access to/and or disclosure of personal data to a third party Inappropriate access to/and or disclosure of personal data to a third party Inappropriate access to/and or disclosure of personal data to a third party Inappropriate access to/and or disclosure of personal data to a third party Inappropriate access to/and or disclosure of personal data to a third party Inappropriate access to/and or disclosure of personal data to a third party Inappropriate access to/and or disclosure of personal data to a third party 20 No disciplinary action No No No disciplinary action No No Convicted No Yes Convicted No Yes Dismissed No No Dismissed No No Disciplined Internally No No Disciplined Internally No No Resigned during disciplinary Yes No Resigned during disciplinary Yes No No disciplinary action No No Durham Police 12 Staff 1 Civilian 1 Police 1 Police 13 1 Police 1 Staff 1 Staff 1 Police Inappropriate access to/and or disclosure of personal data to a third party Access police systems around member of OCG for nonpolicing purpose – no evidence of disclosure. Confidential internal report. Accessed police systems for non-policing purpose. Internal reporting. Accessed policing systems for non-policing purpose, with suspicion that this was disclosed to suspect in criminal investigation, but not substantiated. Complaint from member of public. Accessed police systems for non-policing purpose, and used information to own benefit. Confidential reporting from member of public. Accessed force systems and believed to share information with relative to the third persons benefit. Public complaint. Accessed force systems for non-policing purpose. Confidential internal reporting. Disclosed information about 21 No disciplinary action No No First written warning issued. No No Resigned prior to facing misconduct hearing Yes No Resigned prior to facing misconduct hearing Yes No Resigned prior to facing misconduct hearing Yes No Resigned prior to facing misconduct hearing Yes No Resigned prior to facing misconduct hearing Yes No Management advice. No No Dyfed Powys Police 1 Police 1 Police 1 Staff 1 Police 1 Police 1 Police 1 Civilian 1 Police 8 subject to Fire Service – Inadvertent, no intent. Complaint from public. Inadvertent disclosure of personal information to suspect re source of information. Complaint from public. Inappropriate passing of personal information to Prison Service re inmate. Complaint. Inadvertent copying of email to other professional in Health Service about named. Complaint. Pass information to solicitor about subject – inadvertent, no intent. Complaint. Inaccurate disclosure of information re subject to Housing Association. Complaint. Disproportionate disclosure to OFSTED about subjects past history. Complaint. Unlawful disclosure of information to a family member. Verbal disclosure re: incident. Unlawful disclosure of sensitive information to a member of public. Verbal disclosure re: crime. 22 Personal Lessons learned. Management advice. Lessons. No No Management advice. Lessons. No No Management advice. Lessons. No No Management advice. Lessons. No No Management advice. Lessons. No No Management advice. Lessons. No No Written Warning No No Written Warning No No 1 Police 1 Police 1 1 1 Police Police Police Unlawful disclosure of information to a family member. Verbal disclosure re: crime. Unlawful access to information on police systems in relation to a family member. Custody Record, Crime Scene Report & Case Preparation Record viewed no data disclosed externally. Disclosure of information to neighbour of a complainant. Officer posted a card through neighbours' door in error. The card contained data regarding an incident he had reported in relation to a third party. The information did not contain any personal data (DPA 1998) that would not already be known to the neighbours. Sensitive police information passed to a member of public on a USB device. Intelligence Reports, emails, public information letters relating to crime matters. Unlawful access to Force systems. Checks on police data bases in relation to a third party to be a friend of the officer. 23 Management Advice No No Written Warning No No Management Action (informal action – not formal disciplinary action). No No Management Action (informal action – not formal disciplinary action). No No Management Action (informal action – not formal disciplinary action). No No Essex Police8 6 1 Police 1 Police 1 Police 1 Police Staff 1 Police 1 8 Police Unlawful access to Force systems. Officer inappropriately accessed Force systems re: historical case whereby officer was the victim. It is alleged that an officer inappropriately disclosed police information. A complaint has been made that an officer sent inappropriate communications to a female after attending her home to deal with an incident. A member of police staff has accessed and viewed a large quantity of records on Essex Police System and PNC relating to their family, friends and associates. It is alleged that an officer accessed and disclosed police information regarding an incident involving a relative. An officer is under investigation for abusing his position to form relationships with a number of females. It is also suspected that has carried out police checks Information obtained via the Force’s quarterly reports on Complaints, Misconduct and Other Matters. 24 Management Action (informal action – not formal disciplinary action). The officer is under suspension. A guilty plea was entered at Crown Court and a sentencing date is yet to be set. The member of staff is under suspension. Crown Prosecution Service charging advice has been sought. A gross misconduct meeting is to be held. The officer is under suspension. A file has been submitted to the Crown Prosecution Service. No No No No No Yes N/A N/A No No N/A N/A without a policing purpose 1 Police and Police Staff Gloucestershire Constabulary Greater Manchester Police An officer and a member of police staff have both received a criminal caution for Data Protection Act offences. The officer is to attend a Gross Misconduct Hearing in April 2016. The police staff member had resigned prior to the commencement of the PSD investigation. Yes No Meeting - Written Warning No No Proven - Management Action No No Retired prior to misconduct No No Meeting - Written Warning No No Proven - Management Action (Advice) No No Caution/resigned prior to misconduct Yes No No response 100 1 Officer 1 Staff 1 Officer 1 Officer 1 Officer 1 Officer The officer is suspected of conducting checks for a nonpolicing purpose. Misuse of Force Systems. Disclosure of Information Disclosed sensitive information on Facebook. Disclosure of Information. Performed PNC checks believed to have been for own use. Misuse of PNC. Misuse of Force Systems. Officer used GMP systems for own use. Misuse of Force Systems. Searched GMP systems believed to be for own use. Misuse of Force Systems. Disclosure of Information. Obtaining and passing data. Misuse of Force Systems. 25 1 Officer 1 Officer 1 Staff 1 Officer 1 Staff 1 Officer 1 Staff 1 Staff Disclosure of Information. Criminal conduct: Data Protection. Allegation that a police staff accessed in relation to a personal matter. Misuse of Force Systems. Allegation that officer downloaded body worn camera images. Misuse of Force Systems. The support staff member was found to have breached data protection. Disclosure of Information. Investigation into allegation that the officer has sent an email. Misuse of Force Systems. Unlawfully modified GMP data for personal gain. Misuse of Force Systems. Criminal conduct: Data Protection. Alleges that officers have disclosed information. Disclosure of Information. Alleges a staff member is accessing GMP systems to provide information. Misuse of Force Systems. Disclosure of Information. Accessed police computers. Misuse of Force Systems. Criminal conduct: Data 26 Proven - Management Action No No Meeting - Final written warning No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Hearing - Final written warning No No Proven - Management Action (Advice) No No Resigned prior to misconduct Yes No Crown Court - Fine, costs & victim surcharge/hearing - No Yes 1 Officer 1 Officer 1 Staff 1 Officer 1 Staff 1 Staff 1 Officer 1 Staff 1 Officer 1 Staff 1 Staff Protection. PNC'd without justification. Misuse of PNC Misused force systems. Investigation into data protection offences. Criminal conduct: Data Protection. Officer has accessed record for non-policing purposes. Misuse of Force Systems. Misuse of PNC. Disclosed operational information. Disclosure of Information. Misused force computer systems. Misuse of Force Systems. Traced using PNC. Misuse of PNC. Check on the PNC a vehicle. Misuse of PNC. Criminal conduct: Data Protection. Officer informed… [individual] was to be arrested. Disclosure of Information. A copy of video file sent to staff member's home email address. Misuse of Force Systems. Criminal conduct: Data Protection. Concerns that an [officer] had accessed a FWIN. Misuse of 27 dismissal Retired prior to misconduct Proven - Management Action (Advice) No No No No Caution/Hearing dismissed No No Resigned prior to misconduct Yes No Hearing - Written Warning No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Resigned prior to misconduct Yes No Proven - Management Action No No Crown Court - Not guilty/hearing dismissed No No Proven - Management Action (Advice) No No 1 Staff 1 Staff 1 Officer 1 Staff 1 Staff 1 Officer 1 Staff 1 Officer Force Systems. Accessing confidential GMP data for non-policing purposes. Misuse of Force Systems. Misuse of PNC. Data protection issues and failing to declare a notifiable association. Misuse of Force Systems. Officer, allowed access to passwords. Misuse of Force Systems. Staff member accessed FWIN for personal reasons. Misuse of Force Systems. Staff member accessed police systems for own purposes. Criminal conduct: Data Protection. Used GMP systems to research further provide information and request action. Misuse of Force Systems. Conspiracy to commit misconduct in a public office. Misuse of Force Systems. Disclosure of Information. Made use of the system to access police information without having a bonefide policing purpose. Misuse of Force Systems. 28 Caution/Hearing dismissed No No Resigned prior to misconduct Yes No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Magistrates Court Fine/Hearing Dismissed No No Proven - Management Action (Advice) No No Crown Court - Not guilty/hearing. Dismissal. No No Proven - Management Action (Advice) No No 1 Officer 1 Staff 1 Officer 1 Staff 1 Officer 1 Special 1 Officer 1 Officer 1 Officer 1 Staff 1 Officer 1 Staff Accessed for non-policing matters. Misuse of Force Systems. PCSO told to have no further dealings with case, later conducted enquiries. Misuse of Force Systems. Made unauthorised checks on PNC. Misuse of PNC. Given out information. Disclosure of Information. Accessed record. Misuse of Force Systems. Approached a colleague and asked to PNC a vehicle. Misuse of PNC. Officer has accessed PNC for information. Misuse of Force Systems. Misuse of PNC. Copy of statement supplied [to a third party]. Disclosure of Information. Believes information being manufactured by an officer. Misuse of Force Systems. Shared confidential information. Disclosure of Information. Misused to disprove claims. Misuse of Force Systems. Accessed PNC and OPUS for non-policing purposes. Misuse 29 Resigned Yes No Hearing Written Warning No No No Yes No No No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action No No Proven - Management Action (Advice) No No No No No No Crown Court - 4 Years Imprisonment/Hearing - Dismissed Hearing Verbal Warning Proven - Management Action (Advice) Proven - Management Action (Advice) Proven - Management Action (Advice) 1 Officer 1 Staff 1 Staff 1 Officer 1 Officer 1 Officer 1 Officer 1 Officer 1 Officer of Force Systems. Misuse of PNC. Officer used GMP systems without a legitimate policing purpose. Misuse of Force Systems. Unlawfully modifying data on GMP systems concerning member of police staff. Misuse of Force Systems. Accessed records for a nonpolicing purpose. Misuse of Force Systems. Alleged use systems for other than a policing purpose. Misuse of Force Systems Forwarded photos of work related incidents. Misuse of Force Systems. Disclosure of Information. Officer is believed to have accessed GMP systems concerning member of police staff. Misuse of Force Systems. Officer checked the voters register and obtained details. Misuse of Force Systems. Officer accessing nominals. Misuse of Force Systems. Disclosure of Information. Accessed GMP systems for non-policing purpose. 30 Proven - Management Action (Advice) No No Hearing - dismissed No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Meeting - Final written warning No No Meeting - Final written warning No No 1 Officer 1 Officer 1 Special 1 Officer 1 Officer 1 Officer 1 Staff 1 Staff 1 Officer Disclosure of Information. Misuse of Force Systems. Access GMP systems for a non-policing purpose. Misuse of Force Systems. Disclosure of Information. Criminal conduct: Data Protection. The officer was found to have viewed for a non-policing purpose. Misuse of Force Systems. Accessed crime reports for non-policing purpose. Misuse of Force Systems. Alleges unauthorised access to GMP systems to gain personal details and disclosed to colleagues. Misuse of Force Systems. Disclosed information. Disclosure of Information. An officer check system concerning a friend. Misuse of Force Systems. Member of staff accessed system without authority. Misuse of Force Systems. [Accessed colleagues email account]. Misuse of Force Systems Officer has accessed GMP records not for policing purpose. Misuse of Force 31 Crown Court - 2 Years 9 Months Imprisonment/Hearing - Dismissed No Yes Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Meeting - Final written warning No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Hearing - Final Written Warning No No 1 Officer 1 Staff 1 Officer 1 Staff 1 Staff 1 Officer 1 Officer 1 Officer 1 Officer Systems. Unauthorised use of police databases. Misuse of Force Systems. Staff member allegedly accessed records using a GMP computer system, for nonpolicing purposes. Misuse of Force Systems. Officer used a colleague's log on details to access GMP email account. Misuse of Force Systems. Disclosure of Information. Staff member disclosed information of incident. Disclosure of Information. Staff member shared information outside of GMP that should not be disclosed. Disclosure of Information. Officer has provided information concerning a case. Disclosure of Information. Misuse of Force Systems. Accessed and divulged information. Disclosure of Information. Misuse of Force Systems. Using the force PNC system to locate details. Misuse of PNC. Officer allegedly accessed 32 Meeting - Final written warning No No Hearing - Final Written Warning No No Meeting - Written warning No No Proven - Management Action No No Proven - Management Action (Advice) No No Proven - Management Action No No Meeting - Written warning No No No No No No Proven - Management Action Proven - Management 1 Officer 1 Officer 1 Officer 1 Staff 1 Staff 1 Staff 1 Officer 1 Staff 1 Officer 1 Staff force system whilst off duty. Misuse of Force Systems. Officer has provided details to other party. Misuse of PNC. Disclosure of Information. Officer allegedly carried out an unauthorised PNC check using force systems. Misuse of PNC. Officer viewed [record] and posted comment. Disclosure of Information. Staff member disclosed information regarding work. Disclosure of Information. Officer checked OPUS. Misuse of Force Systems. Staff member allegedly carried out search using a force system. Misuse of Force Systems. Officer checked GMP systems. Disclosure of Information. Checked FWIN and passed information. Disclosure of Information. Officer had a lot of information which would not have been general knowledge. Disclosure of Information. Misuse of Force Systems. [Accessing GMP system]. Disclosure of Information. 33 Action Meeting - Written warning No No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Resigned prior to misconduct Yes No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action No No Hearing - Written Warning No No Proven - Management Action No No Proven - Management Action (Advice) No No 1 Officer and Staff 1 Officer 1 Staff 2 Officer 1 Officer 1 Officer 1 Officer 1 Staff 1 Officer Misuse of Force Systems. Staff member has viewed FWIN without authority or good reason. In addition staff members failed to report this breach of data protection. Disclosure of Information. Misuse of Force Systems. Officer misusing GMP systems. Misuse of Force Systems. Member of staff accessed a PNC. Misuse of PNC. Officer Accessed records without a policing purpose. Misuse of Force Systems. Officer accessed GMP computer systems, none of the access was for a policing purpose. Misuse of Force Systems. Officer took a photograph forwarded to colleagues. Misuse of Force Systems. Access information for own curiosity and personal use. Misuse of Force Systems. Officer accessed confidential data and disclosed this information. Disclosure of Information. Misuse of Force Systems. Confidential documents 34 Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No Proven - Management Action No No Proven - Management Action No No Meeting - Written Warning No No Proven - Management Action No No Proven - Management Action (Advice) No No Resigned prior to misconduct Yes No Proven - Management No No Gwent Constabulary Hampshire Constabulary Hertfordshire 1 Staff 1 Officer 1 Staff 1 Staff 1 Officer 1 Officer 1 Staff 1 Officer passed on. Disclosure of Information. Member of staff alleged to have accessed records also disclosed information. Misuse of Force Systems. Officer accessed police records for a non-policing reason. Misuse of Force Systems. Staff member accessing force systems to find out information then disclosing the information. Misuse of Force Systems. Disclosure of Information. Misused GMP systems. Misuse of Force Systems. Officer disclosed report. Disclosure of Information. Officer accessed a FWIN. Misuse of Force Systems. Looking a nominals. Misuse of Force Systems. Officer advised not to access records. It was later found had accessed record. Misuse of Force Systems. Action Resigned prior to misconduct Yes No Proven - Management Action (Advice) No No Proven - Management Action (Advice) No No No No No No No No No No No No No No Meeting - Final written warning Proven - Management Action Proven - Management Action Proven - Management Action Proven - Management Action (Advice) Refused - Cost and Time Refused - Cost and Time 7 1 Police Use of police systems for a 35 Disciplinary Constabulary 6 information not provided 1 Staff 1 Police 1 Police 1 Police 1 Police Humberside Police 168 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police non-policing purpose proceedings Management advice Information not provided Management action No No Formal Misconduct. Written Warning. No No Informal Misconduct. Management action. No No Not Upheld. NFA. No No Informal Misconduct. Management action. No No Not Upheld. NFA. No No Not Upheld. Management action. No No Resigned during investigation. Resigned. Yes No Informal Misconduct. Management action. No No Withdrawn. NFA. No No Formal Misconduct. Final Written Warning. No No Withdrawn. NFA. No No Emailed confidential information to home computer. Police information. Accessed police systems for a non-policing purpose. Police information. Disclosure to other agency partners. Police information. Accessed police systems for a non-policing purpose. Police information. Disclosure of details of complaint's husband. Personal information. Disclosure of details of a police operation to a third party. Police information. Accessed police systems for a non-policing purpose. Police and personal information. Accessed police systems for a non-policing purpose. Police information. Disclosure of information to a third party. Personal information. Accessed police systems for a non-policing purpose. Police and persona information. Use of police systems to obtain personal details. Personal information. 36 Police Accessed police systems for a non-policing purpose. Police and personal information. Disclosure to a third party. Personal information. Accessed police systems for a non-policing purpose. Police and personal information. Disclosure of bank account details. Personal information. Use of PNC for vehicle details. Personal information. Accessed police systems for a non-policing purpose. Personal information. Disclosure of details of police incidents. Police information. Accessed police systems for a non-policing purpose. Police information. Accessed police systems for a non-policing purpose. Police information. Disclosed information to neighbours. Personal information. Disclosed information about previous convictions. Personal information. Accessed police systems for a non-policing purpose. Personal information. Accessed police systems for a non-policing purpose. Police information. Police Disclosed information to a third 1 Police 1 Police 1 Police 1 1 Police Police 1 Police 1 Police 1 Police 1 Staff 1 Unidentified 1 Staff 1 Police 1 1 37 Formal Misconduct. Written warning. No No Not Upheld. NFA. No No No No No No No No No No No No Not Upheld. Management action. No No Not Upheld. NFA. No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Formal Misconduct. Management advice. No No Yes No No No Formal Misconduct. Final Written Warning. Dispensation by IPCC. NFA. Not Upheld. Management action. Withdrawn. NFA. Informal Misconduct. Management action. Resigned prior to hearing. Resigned. Locally Resolved. NFA. party. Personal information. 1 1 Staff Police 1 Police 1 Police 1 Police 1 Staff 1 Police 1 Police 1 Police 1 Police 1 Staff 1 Police 1 Police Disclosed details of a traffic accident. Personal information. Disclosed information to an employer. Personal information. Accessed police systems for a non-policing purpose. Police information. Improper disclosure of information. Personal information. Disclosure of information to neighbours. Police/Personal information. Improper access and disclosure of information. Police/Personal information. Disclosed personal information. Personal information. Improper disclosure of information to employer. Personal information. Accessed police systems for a non-policing purpose. Police information. Improper disclosure of information. Personal information. Improper disclosure to employer. Police information. Information supplied to neighbours. Police/Personal information. Sent email over a non-secure network. Police/Personal information. 38 Locally Resolved. NFA. No No Not Upheld. NFA. No No Not Upheld. NFA. No No Withdrawn. NFA. No No Not Upheld. NFA. No No Withdrawn. NFA. No No Not Upheld. NFA. No No Informal Misconduct. Management action. No No Informal Misconduct. Management action. No No Not Upheld. NFA. No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Informal Misconduct. Management action. No No Police Improper disclosure of information. Personal information. Accessed police systems for a non-policing purpose. Police information. Accessed police systems for a non-policing purpose. Police information. Checked police systems for personal details. Personal information. Improper disclosure of information. Personal information. Improper disclosure of information. Police/Personal information. Improper disclosure of information to employer. Personal information. Disclosure of previous convictions. Personal information. Improper access for a nonpolicing purpose. Personal information. Accessed police systems for a non-policing purpose. Personal information. Disclosed personal information. Personal information. Accessed police systems for a non-policing purpose. Police/Personal information. Staff Improper disclosure of 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police 1 Staff 1 Police 1 Police 1 Police 1 Police 1 1 39 Locally Resolved. NFA. No No Formal Misconduct. Management advice. No No Formal Misconduct. Management advice. No No Locally Resolved. NFA. No No Withdrawn. NFA. No No Not Upheld. NFA. No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Informal Misconduct. Management action. No No No No No No No No No No Informal Misconduct. Management action. Informal Misconduct. Management action. Formal Misconduct. Final Written Warning. Not Upheld. NFA. 1 Police 1 Police 1 Unidentified 1 Unidentified 1 1 Police Staff 1 Police 1 Police 1 Police 1 Police 1 Police 1 Police information. Personal information. Improper access and disclosure of information to a third party. Police/Personal information. Accessed police systems for a non-policing purpose. Police information. Accessed and disclosed information to a third party. Personal information. Unauthorised disclosure of information to a third party. Personal information. Improper disclosure to a third party. Personal information. Improper disclosure to a partner agency. Personal information. Accessed police systems for a non-policing purpose. Police information. Improper disclosure to a third party. Police/Personal information. Improper access and disclosure to a third party. Personal information. Improper disclosure of confidential information. Personal information. Checks on a vehicle for a nonpolicing purpose. Police/Personal information. Accessed records of family members. Police/Personal information. 40 Not Upheld. NFA. No No Not Upheld. Management action. No No Withdrawn. NFA. No No Withdrawn. NFA. No No Not Upheld. NFA. No No Not Upheld. NFA. No No Formal Misconduct. Management advice. No No Withdrawn. NFA. No No Withdrawn. NFA. No No Not Upheld. NFA. No No Formal Misconduct. Not upheld. No No Formal Misconduct. Final Written Warning. No No Police Accessed information of associates for non-policing purposes. Police/Personal information. Improper disclosure of information about a CCTV camera. Police information. Improper disclosure of medical information to a third party. Personal information. Accessed and disclosed records of associates. Police/Personal information. Improper disclosure of information to a partner agency. Personal information. Inappropriate disclosure of information to employers. Police/Personal information. Improper disclosure of information to the press. Police/Personal information. Improper access for a nonpolicing purpose. Police/Personal information. Improper disclosure of information re a DV incident. Personal information. Added information to a database. Personal information. Improper disclosure of information. Police information. Improper disclosure of information to a school. Personal information. Police Accessed information of 1 Police 1 Staff 1 Police 1 Police 1 Police 1 Staff 1 Police 1 Police 1 Police 1 1 Police Staff 1 1 41 Formal Misconduct. Written Warning. No No Locally Resolved. NFA. No No Locally Resolved. NFA. No No Formal Misconduct. Final Written Warning. No No Withdrawn. NFA. No No Withdrawn. NFA. No No Withdrawn. NFA. No No Formal Misconduct. Written Warning. No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Not Upheld. NFA. No No Not Upheld. NFA. No No No No Formal Misconduct. 1 Police 1 Police 1 Police 1 Police 1 Unidentified 1 Police 1 1 1 Staff Police Police 1 Staff 1 Police 1 Police 1 Staff associates for non-policing purposes. Police/Personal information. Disclosure of information. Personal information. Improper disclosure of information. Police/Personal information. Improper disclosure of information. Police/Personal information. Improper access and disclosure. Police information. Inappropriate disclosure of information to finance company. Personal information. Accessed for a non-policing purpose and improper disclosure. Police/Personal information. Disclosure to a third party. Personal information. Improper disclosure of information. Police information. Disclosed details of a colleague. Personal information. Accessed police systems for a non-policing purpose. Police/Personal information. Accessed police systems for a non-policing purpose/improper disclosure. Personal information. Accessed police systems for a non-policing purpose. Police/Personal information. Improper disclosure to family members. Police/Personal 42 Management advice. Locally Resolved. Words of advice. No No Not Upheld. NFA. No No Locally Resolved. NFA. Resigned prior to charges. Resigned. No No Yes No Locally Resolved. NFA. No No Informal Misconduct. Management action. Resigned during investigation. Resigned. No No Yes No Not Upheld. NFA. No No Not Upheld. NFA. No No Withdrawn. NFA. No No Not Upheld. NFA. No No Formal Misconduct. Final Written Warning. No No Locally Resolved. NFA. No No information. 1 Staff 1 Staff 1 Police 1 Police 1 Unidentified 1 Police 1 Staff 1 Police 1 Staff 1 Staff 1 Police 1 Police Inappropriate access and disclosure. Police/Personal information. Accessed police systems for a non-policing purpose. Police/Personal information. Improper disclosure of information to an offender. Police information. Inappropriate access and disclosure to family members. Personal information. Information supplied to a forum. Police/Personal information. Improper disclosure of information to a third party. Personal information. Improper disclosure to a third party. Police/Personal information. Improper access and copying of data. Personal information. Improper disclosure of information to a third party. Police/Personal information Improper access for a nonpolicing purpose. Police information. Improper disclosure of information to a third party. Personal information. Improper access for a nonpolicing purpose. Police/Personal information. 43 Not Upheld. NFA. No No Not Upheld No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Withdrawn. NFA No No Locally Resolved. NFA. No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Locally Resolved. NFA. No No Formal Misconduct. Verbal Warning. No No Locally Resolved. NFA. No No Informal Misconduct. Management action. No No 1 Staff 1 Police 1 Police 1 Police 1 Staff 1 Staff 1 Staff 1 Police 1 Police 1 Police 1 Staff 1 Staff Improper disclosure of information to employer. Police/Personal information. Improper disclosure of information to a council employee. Personal information. Disclosure of information via a letter. Police/Personal information. Sent emails to an insecure email address. Personal information. Improper disclosure of information to council. Personal information. Accessed policing systems for non-policing purposes. Police information. Accessed policing systems for non-policing purposes. Police information. Accessed policing systems for non-policing purposes. Police information. Inappropriate disclosure of information via Facebook. Police information. Accessed police systems for a non-policing purpose. Police information. Accessed police systems for a non-policing purpose. Police information. Unauthorised access and improper disclosure of information to a third party. Personal information. 44 Locally Resolved. NFA. No No Locally Resolved. NFA. No No Not Upheld. NFA. Formal Misconduct. Written warning. No No No No Not Upheld. NFA. No No Formal Misconduct. Written Warning. No No Formal Misconduct. Written Warning. No No Not Upheld. NFA. No No Disapplied. NFA. No No Not Upheld. NFA. No No Not Upheld. NFA. No No Not Upheld. NFA. No No 1 Unidentified 1 Staff 1 Staff 1 Unidentified 1 Police 1 Police 1 Police 1 Police 1 Staff 1 Police 1 Staff 1 Police Improper disclosure of information to a third party. Police/Personal information. Accessed information for nonpolicing purposes. Police/Personal information. Improper disclosure of information. Personal information. Improper disclosure of information to an employer. Police/Personal information. Improper disclosure of information. Personal information. Improper disclosure of information to a third party. Police/Personal information. Accessed information for nonpolicing purposes. Police information. Accessed information for a nonpolicing purpose. Police information. Improper access and disclosure to a third party. Personal information. Accessed information for a nonpolicing purpose. Personal information. Improper disclosure of information. Personal information. Accessed information for a nonpolicing purpose. Police information. 45 Withdrawn. NFA. No No Formal Misconduct. Written Warning. No No Locally Resolved. Management action. No No Withdrawn. NFA. No No Locally Resolved. NFA. No No Withdrawn. NFA. No No Informal Misconduct. Management action. No No Informal Misconduct. Management action. No No Resigned during investigation. NFA. No No Not Upheld. NFA. No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Police Accessed information for a nonpolicing purpose. Police information. Improper access and disclosure to a partner agency. Police/Personal information. Accessed information for a nonpolicing purpose. Police/Personal information. Accessed information for a nonpolicing purpose. Police/Personal information. Accessed information for a nonpolicing purpose. Police/Personal information. Improper disclosure of information to the council. Police information. Accessed information for a nonpolicing purpose. Police/Personal information. Improper disclosure of information. Police information. Improper disclosure of information to the NHS. Police/Personal information. Improper disclosure of information to a third party. Personal information. Improper disclosure of information. Police/Personal information. Improper disclosure of information to a third party. Personal information. Police Accessed information for a non- 1 Staff 1 Staff 1 staff 1 Police 1 Staff 1 Police 1 Police 1 Police 1 Police 1 Police 1 Staff 1 1 46 Formal Misconduct. Written warning. No No Locally Resolved. NFA. No No Formal Misconduct. Written warning. No No Not Upheld. NFA. No No Formal Misconduct. Verbal Warning. No No Locally Resolved. NFA. No No Formal Misconduct. Final Written Warning. No No Not Upheld. NFA. No No Not Upheld. NFA. No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Locally Resolved. NFA. No No No No Not Upheld. NFA. 1 Police 1 Police 1 Police 1 Unidentified 1 Staff 1 Staff 1 Police 1 Police 1 Police 1 Staff 1 Police 1 Police policing purpose. Police/Personal information. Accessed information for a nonpolicing purpose. Police information. Improper disclosure of information to a prison inmate. Police information. Improper disclosure of information about an offender. Police information. Disclosure of incorrect information to other agencies. Police/Personal information. Accessed information for a nonpolicing purpose. Police/Personal information. Improper disclosure of information to a local authority. Personal information. Accessed information for a nonpolicing purpose. Police/Personal information. Improper disclosure of information. Police information. Inappropriate access and disclosure of information for personal benefit. Police/Personal information. Personal information. Improper disclosure of information during a court case. Personal information. Accessed information for a nonpolicing purpose. Police/Personal information. 47 Not Upheld. NFA. No No Not Upheld. NFA. No No Not Upheld. NFA. No No Not Upheld. NFA. No No Formal Misconduct. Verbal Warning. No No Not Upheld. NFA. No No Not Upheld. NFA. No No Locally Resolved. NFA. No No No No No No No No Yes No Informal Misconduct. Management action. Withdrawn. NFA. Upheld. NFA. CPS had released the information. Resigned prior to misconduct. NFA. 1 VOLUNTEER 1 Police 1 Police 1 Police 1 Police 1 Staff 1 Unidentified 1 Police 1 Unidentified 1 Police 1 Police 1 Police 1 Staff Accessed information for a nonpolicing purpose. Police/Personal information. Accessed information for a nonpolicing purpose. Police/Personal information. Improper disclosure of witness information. Personal information. Improper disclosure of information. Personal information. Improper access and disclosure of information. Personal information. Police information. Improper disclosure of information to a partner agency. Police information. Improper disclosure of information at a workplace. Police/Personal information. Improper disclosure of information re address. Personal information. Improper disclosure of information at Court. Personal information. Accessed information for a nonpolicing purpose. Police/Personal information. Improper disclosure of information. Police/Personal information. Accessed information for nonpolicing purpose. Police 48 VOLUNTEER. NFA No No Formal Misconduct. Written warning. No No Locally Resolved. NFA. No No Not Upheld. NFA. No No Locally Resolved. NFA. Not Upheld. NFA. No No No No Not Upheld. NFA. No No Locally Resolved. NFA. No No Locally Resolved. NFA. No No Locally Resolved. NFA. No No Formal Misconduct. Written Warning. No No No No No No Locally Resolved. NFA. Not Upheld. Policy rereinforced. information. Staff Accessed information for nonpolicing purpose. Police/Personal information. Accessed information for nonpolicing purpose. Police/Personal information. Accessed information for nonpolicing purpose. Police/Personal information. Accessed a police log for nonpolicing purpose. Police information. Accessed information for a nonpolicing purpose. Police/Personal information. 2 Police Officer Records Accessed Management Action No No 19 Police Officer Unauthorised Check Management Action No No 1 Police Officer Unauthorised Check Formal Action - Hearing No Yes 3 Police Officer Unauthorised Check Resigned Yes No 1 Police Officer Computer Misuse Resigned Yes No 2 Police Staff Inappropriate Use Resigned Yes No 2 Police Staff Inappropriate Use Final Written Warning No No 4 Police Officer Improper Disclosure Resigned Yes No 6 Police Officer Unauthorised Check No Action No No 2 Police Officer Unauthorised Check Dismissed No Yes 2 Police Staff Improper Disclosure Resigned Yes No 9 Police Officer Improper Disclosure Management Action No No 2 Police Staff Improper Disclosure Management Action No No 3 Police Officer Unauthorised Check Management Advice No No 3 Police Officer Inappropriate Use Management Action No No 2 Police Officer Unauthorised Check Written Warning No No 1 Staff 1 Staff 1 Police 1 Staff 1 Kent Police 81 49 Formal Misconduct. Verbal Warning. No No Not Upheld. NFA. Informal Misconduct. Management action. Policy re-enforced. No No No No Not Upheld. NFA. No No Formal Misconduct. Written warning. No No 2 Police Officer Inappropriate Use No Action No No 1 Police Staff Unauthorised Check Final Written Warning No No 2 Police Staff Improper Disclosure No Action No No 1 Police Staff Improper Disclosure Dismissed No Yes 3 Police Officer Unauthorised Check Final Written Warning No No 2 Police Staff Special Constable Special Constable Unauthorised Check No Action No No Unauthorised Check No Action No No Unauthorised Check Resigned Yes No Unauthorised Check Dismissed No Yes Improper Disclosure Resigned Yes No 1 Police Officer Special Constable Other Police Staff Improper Disclosure Dismissed No Yes 1 Police Officer Improper Disclosure No Action No No Convicted No Yes Dismissed No No Disciplined Internally No No Disciplined Internally No No Disciplined Internally No No Disciplined Internally No No Disciplined Internally No No 1 2 1 1 Lancashire Constabulary 16 1 Civilian 1 Civilian 2 Police 1 Police 1 Police 1 Civilian 1 Civilian Inappropriately shared victim information with a third party Inappropriate use of force systems Inappropriate use of force systems Inappropriate use of force systems and inappropriately sharing information with a third party Inappropriately sharing information with a third party Inappropriately sharing information with a third party Not storing confidential documentation safely and 50 Leicestershire Constabulary 1 2 Civilian 1 Civilian 2 Police 1 Civilian 2 Civilian 1 Staff 1 Police 1 Staff Lincolnshire Police Merseyside Police 77 securely. Inappropriate use of force Disciplined Internally systems Inappropriate use of force systems and inappropriately Disciplined Internally sharing information with a third party Inappropriately sharing Resigned during information with a third party. disciplinary process Inappropriate use of force Resigned during systems, potential disclosure disciplinary process of information. Inappropriately sharing Resigned during information with a third party. disciplinary process 5 charges relating to inappropriate browsing of Convicted and systems and led to the subsequently resigned magistrates convicting the individual. Refused - Cost and Time Inappropriate use of force systems. Officer has Resigned and conducted numerous dubious convicted checks on Force systems in relation to herself and others. Inappropriate use of force systems. Officer has multiple questionable checks. They are No Case to Answer questionable in that they focus on his surname and one street. 51 No No No No Yes No Yes No Yes No Yes Yes Yes Yes No No 1 Police 1 Police 1 Police 1 Staff Inappropriate use of force systems. Audit checks obtained have identified officer as having conducted questionable checks on the force systems. Inappropriate use of force systems. Systems audit conducted on officer after he reported an association to PSD. Audit reveals that he has on a couple of occasions examined 2 crime files on Niche where there was an off duty victim and also searched for another person with his surname. Inappropriately shared information. Internal report submitted outlining that the officer has disclosed information about a surveillance operation she was involved in to a colleague within the Violent Offender Management Unit (VOMU), when she was explicitly asked not to. Inappropriate use of force systems. As a result of an intelligence report by an officer in relation to criminal 52 No Case to Answer No No Officer to be provided with advice and training No No Final written warning No No Advice and action plan given No No 1 Police 1 Police activity by a relative of his partner, Force systems checks were done which disclosed some inappropriate use of systems. Inappropriate use of force systems. Officer seeks permission to have access to his wife’s email account whilst she is off sick to monitor responses re a joint presentation they are working on. Permission is refused and so officer then obtains wife’s password and delegates her email account to him. The delegation was removed before he accessed her actual email account. Inappropriate use of force systems. A complaint was made alleging that officer accessed Force Systems and shared the information outside of the organisation. As part of that investigation the ACU have done an audit on officer's use of Force Systems; as a result of that audit, questionable checks have been identified unconnected to the complaint matters. It is alleged that the 53 Advice provided No No Advice provided No No 1 Staff 1 Staff 1 Police checks were not for a policing purpose as they relate to the officer's family and individuals/locations that are known to the officer but are outside the Police organisation and its business. Inappropriate use of force systems. Employee completed a search on systems on behalf of her colleague. Employee immediately reported the matter to a supervisor and both have submitted formal reports re their actions. Inappropriate use of force systems. Employee's daughter was a vulnerable MFH. She was not reported but employee used Force systems to identify an address connected to their daughter. On arriving at the address she was not there and so asked a colleague to conduct a further search which she did. Inappropriately shared information. It is alleged that officer became aware his daughter had disclosed confidential information to her mother, who had made further disclosures and he 54 Management action No No Management action No No Management action No No failed to report the matter in an appropriate manner. 1 Staff 1 Police Inappropriate use of force systems and sharing information. Employee has received a test message from a friend enquiring about an incident in the St Helens area. She has responded by saying that she would have a look at the log when next on duty. When next on duty she examined the incident logs and then sent a number of text messages to her friend providing her with information about the incident. Inappropriately shared information. Allegation that officer has breached force confidentiality by attending a fellow officer’s house and informing him that a sex offender lived in his road. As a result of his actions the information was passed to a third party outside the organisation. 55 Resigned Yes No Written warning No No 2 Police 1 Police 1 Staff 1 Police 1 Police Inappropriately shared information. It is alleged the officer was involved in the disclosure of confidential information when not in the proper course of police duties regarding the movement of a Juvenile from GMP to the Merseyside area. Inappropriate use of force systems. Questionable system checks require investigation. There is no suggestion that this information has been for a third party. Inappropriate use of force systems. Audit check revealed a number of inappropriate checks in relation to their extended family. Inappropriate use of force systems. Audit checks show the officer may have carried out inappropriate system checks. Officer has viewed briefing sheet where he resides 3 times more often than where he works and has carried out checks on his name. Inappropriate use of force systems. Audit checks show that the officer has carried out 56 Management action No No No Case to Answer No No Dismissed No No Management action No No Management action No No 1 Police 2 Police 1 Police 1 Staff 1 Police a number of system checks on and around current and previous address and entered crime files. Inappropriate use of force systems. Allegation officer disclosed information from police systems to his friend during a civil dispute. Checks did not confirm this allegation, but did identify historic checks in relation to his family. Inappropriate use of force systems. Audit checks have identified a number of questionable force system checks. Inappropriate use of force systems. Audit checks have identified a number of questionable force system checks. Inappropriate use of force systems. ACU systems audit has identified a large number of system checks between 2007-2012 that do not appear to be for a policing purpose. Inappropriate use of force systems. Allegation that the officer has 'checked out' a black 2-door BMW motor vehicle given to his sister by 57 No Case to Answer No No No Case to Answer No No Resigned Yes No Resigned Yes No No Case to Answer No No her ex-boyfriend using police systems. 1 Police 1 Staff 1 Staff 1 Staff Inappropriate use of force systems. Accessing force systems. Inappropriate use of force systems. On 20/09/12 maintenance on the Merseyside Police Team Drive Server allowed access to secure team drive folders to unauthorised staff. Employee has accessed a number of sensitive team drive folders and copied this material to his personal computer desktop and then onto a memory stick. Inappropriate use of force systems. On Thursday 20/9/12 maintenance on the Merseyside Police Team Drive Server allowed access to secure team drive folders to unauthorised staff. On 20/9/12 employee has accessed a team drive and viewed a word document. Inappropriate use of force systems. Computer Misuse, questionable system checks relating to officer, her address, daughter and daughters address and male 58 Resigned Yes No Dismissed No No Written warning and advice given No No Dismissed No No believed to be her son, who is involved in drug supply. 1 Police 1 Police 1 Staff 1 Staff Inappropriate use of force systems. Audit check revealed a large number of inappropriate checks. Officer was summoned for 14 offences contrary to the DPA 1998 and 9 offences contrary to the Computer Misuse Act 1990 and following a full trial at LCM Court were convicted in relation to all matters. Inappropriate use of force systems. Officer arrested for assault on partner's daughter during a domestic argument. Suggestion they may have used Forced systems to check out the partner. Inappropriate use of force systems. ACU audit suggests staff member has inappropriately accessed a niche file and may have disclosed this information. Inappropriate use of force systems. Audit highlights a number of inappropriate system checks for a nonpolicing purpose. These appear to include family members, vehicles 59 Dismissed and convicted No Yes Resigned and cautioned Yes No No Case to Answer No No Dismissed and convicted No Yes 1 Staff 1 Police 1 Police 1 Staff associated to her and custody records. Officer pleaded guilty at LCC to 12 offences contrary to DPA 1998 and 1 offence contrary to the Computer Misuse Act 1990. Password security. Whilst a member of his staff was waiting for IT system access, this employee has disclosed his log on and password details to her so she can access force systems. Inappropriate use of force systems. Allegation officer has carried out checks on vehicles in his mother's street. Inappropriate use of force systems. Officer obtained personal data from Merseyside Police computer systems in respect of an associate. Inappropriate use of force systems. Request made on 21/02/13 to resume access to Force IT systems. Audit of computer usage shows 300 questionable checks relating to searching on addresses and names linked to her / family. 60 Advice given No No No Case to Answer No No Dismissed No No Resigned and convicted Yes Yes 1 Police 1 Police 1 Police Inappropriate use of force systems. Officer's partner was arrested for a number of offences whilst driving the officer's car. As a result of the arrest, the officer was required by her supervision to complete a Notifiable Association report. In the report, the officer admits researching her partner's former girlfriend on force systems. Further system audit has identified that the officer has conducted further DPA checks on another previous partner. Inappropriate use of force systems. Officer enters and updates storm log relating to TFMV in different BCU. Complainant has same name as officer. Inappropriately shared information. Officer has provided information in a 104 regarding an incident she was involved in. She has disclosed that she potentially breached the DPA by providing information to a member of the public. 61 Resigned and convicted Yes Yes No Case to Answer No No Advice and training provided No No 1 Police 1 Police 1 Police 1 Police 1 Staff Inappropriate use of force systems. Research has indicated that the officer has carried out systems enquiries on a male in custody that cannot be accounted for, at this stage. If not for a policing purpose this would amount to a DPA criminal offence and a breach under honesty and integrity. Inappropriately shared information. It has been suggested that officer has updated DV victim regarding on-going criminal investigations via Facebook. Inappropriate use of force systems. Misuse of force systems identified during vetting enquiry. Officer received final written warning 8.2.11 for similar offence. Limited checks but relates to self, home address and current partner. Inappropriate use of force systems. Evidence of questionable checks on force systems relating to premises controlled by officer. Inappropriately shared information. It is alleged 62 No Case to Answer No No Resigned and convicted Yes Yes Resigned and convicted Yes Yes No Case to Answer No No Dismissed No No 1 Staff 1 Police 1 Police 1 Police employee without authority or permission has disclosed confidential police information to a senior press officer, employed by Liverpool Daily Post and Echo. Inappropriate use of force systems. Employee has been convicted of a criminal offence under the Data Protection Act 1998, in respect of the unauthorised police systems checks on his home address. Inappropriate use of force systems. Officer was convicted of a criminal offence that contravened the DPA 1998. Between 17th March 2011 and 10th May 2011, knowingly and without the consent of the data controller, unlawfully obtained personal data held on police computer systems. Inappropriate use of force systems. Questionable checks by officer on force systems that are suspected to be DPA criminal offences. Inappropriate use of force systems. It is alleged that the officer has breached force 63 Dismissed and convicted No Yes Dismissed and convicted No Yes Dismissed and convicted No Yes No Case to Answer No No 1 Staff 1 Police 1 Police policy by using various force computer systems to conduct checks that were not for a policing purpose. Inappropriate use of force systems. It is alleged that on 16 separate occasions between 3/2/10 and 2/9/13 employee used Merseyside Police force systems to conduct unauthorised checks on his personal vehicle including the previous registered keeper. He also conducted unauthorised checks on his own, his sisters' and neighbour's addresses. None of these checks were conducted for official police business. Inappropriate use of force systems. Case originates from an MFH enquiry that is linked to a relative of the officer. Her conduct surrounding this issue caused sufficient concern as to merit a report to PSD. As a result of this an ACU audit was conducted which has highlighted possible DPA offences. Inappropriate use of force systems. Officer on career 64 Resigned Yes No No Case to Answer No No Resigned Yes No 1 Staff 1 Police 1 Police 1 Police break falsely claims to be on duty to access information. Inappropriate use of force systems. ACU audit has revealed systems checks relating to the case in which the member of staff was the alleged offender. Inappropriate use of force systems. Police Inappropriate use of force systems It is alleged that the officer has conducted checks on Merseyside Police Force systems which were not for a policing purpose. Inappropriate use of force systems. Off duty officer is victim of a theft of motor cycle. He is a witness in the case. The officer has then investigated his own crime, seizing and viewing CCTV, requesting ANPR checks and updating the Enquiry Log. Inappropriate use of force systems. It is alleged officer has conducted a number of questionable checks and they were not completed for a policing purpose. 65 Resigned and convicted Yes Yes Dismissed and convicted No Yes Management Action No No Written warning No No 1 Staff 1 Staff 1 Police 1 Staff Inappropriate use of force systems. The allegation is that between 27th September 2008 and 6th December 2013 employee consistently misused Merseyside Police computer systems to research information for reasons other than for a Policing purpose. Inappropriate use of force systems. Audit of computer use shows that police staff member has made checks on her home address, the address of her neighbour and other checks in the vicinity of her home address. Checks do not appear to be for a policing purpose. Inappropriate use of force systems. Audit has revealed that officer has conducted 5 questionable checks on her sister between 2007 and 2010. Inappropriate use of force systems. Audit has revealed that officer has conducted questionable checks on her ex-partner, herself and a male neighbour. She has accessed crime files relating to her expartner and herself. Checks 66 Dismissed No No Resigned and convicted Yes Yes Written warning No No Resigned Yes No conducted between 20092011. 1 Staff 1 Police 1 Staff 1 Police Inappropriate use of force systems. Audit has revealed that member of police staff has conducted a check on her husband. Also a check on her sister’s address regarding a male linked to the same address. Checks not believed to be for a policing purpose. Inappropriate use of force systems. ACU audit has revealed that member of staff has made numerous systems' checks on her cousin and her cousin's son. PCSO views incident log during normal duties, which is from her neighbour and relates to a complaint against her daughter. Later that same day PCSO admits to carrying out a check on her neighbour and also wrote down the details from the incident log she viewed and informed her own partner, which appear for personal reasons. Inappropriate use of force systems. Complainant (partner of officer's ex-wife) 67 Management action No No Advice given No No Final written warning No No No Case to Answer No No 1 Police 1 Police 1 Police 1 Police suspects officer may have conducted an unauthorised check on PNC. Inappropriate use of force systems. Complainant suspects an officer who is his current partner's ex-husband may have conducted an unauthorised check on PNC. This officer was in the vehicle at the time of the stop check and audit checks show he searched for the vehicle. Inappropriate use of force systems. Suggestion that officer has accessed force systems to look at duties of another officer who he believes is having an affair with his wife. Officer is alleged to be in an inappropriate relationship with members of an OCG and to have passed information from the force systems to the OCG in return for payment. Inappropriate use of force systems. It is alleged that between 3rd August 2011 and 25th September 2013 officer conducted numerous checks using Merseyside Police Systems relating to her family 68 Management action No No Meeting - Not proven No No Dismissed and convicted No No Dismissed No No and their partners. It is alleged that this was not a policing purpose. 1 Police 1 Police 1 Police 1 Staff Inappropriately use of force systems. Enquiries have highlighted officer has historically interrogated Force Systems in connection with the street he resides. No evidence of disclosure and appear to be 'curiosity' checks. Inappropriate use of force systems. It is alleged officer has conducted a number of questionable checks and they were not completed for a policing purpose. Inappropriate use of force systems. On Fri 19/12/14 on 2 separate occasions you misused force systems and interrogated a Niche file related to a serious case. Inappropriate use of force systems. Officer self discloses that he has accessed a storm log in relation to a family matter. In making an assessment of this matter I have considered. 69 Management advice and training No No Management action No No Management Advice No No Management advice and training No No Inappropriate use of force systems. An audit has been conducted around use of Force systems. This exercise has identified a number of Niche based enquiries, as well others relating to QAS, which do not appear to be for a legitimate policing purpose. 1 Police 1 Police 1 Staff The enquiries span from 2008 through to December 2014 and the nature of them appear to involve family members and also a series of enquiries regarding a nominal who is believed to be in a relationship with the officer’s niece. Inappropriate use of force systems. Audit has identified officer has conducted historical checks on Force systems regarding his wife being a victim of crime and his step daughter being arrested. Inappropriate use of force systems. Employee appears to have accessed a Niche record and viewed the content. He has then sent the implicated officer an email alerting the officer to the allegation and 70 No Case to Answer No No Management Advice No No Management Advice No No also that PSD have been informed. Metropolitan Police9 39 1 Staff 1 Police 1 Officer Inappropriate use of force systems. An ACU audit has identified that employee has conducted an enquiry on Force systems regarding a male who he is involved in a personal dispute. Inappropriate use of force systems. Officer has come on duty and accessed Niche to research if her husband, who she is concerned for due to his serious medical issues, had been arrested. YP accesses her husband's Niche record and then alerts her supervisor to this unauthorised access. This has been reported to PSD. The officer has provided false details concerning the manner of driving and false details concerning her identity to cause inconvenience to an acquaintance. Data 9 Resigned Yes No Management Action No No Conviction No Yes Response notes that: “The MPS has a flag under which alleged breaches of the Data Protection Act are recorded. This flag is used by members of staff when they perceive that a Data Protection Act breach has taken place. I further explained that it can be seen by reading the allegation summary column, that a number of the recorded breaches are not, in fact, breaches of the Data Protection Act 1998.” The response further notes that a breach, as summarised by the member of staff recording the allegation may not be representative of the actual breach as proven in a criminal court or a misconduct hearing. 71 Protection Breach 1 Officer 1 Officer 1 Officer 1 Officer Officer conducted PNC & MDT check of a vehicle and also a name check on original informants husband. - Between ****** 2011 and ******* 2011 at within the jurisdiction of the *****, without the consent of the data controller, knowingly or recklessly disclosed personal data Contrary to sections 55(3) and 60(2) of the Data Protection Act 1998. OPERATION ******** Between ******* 2005 and *********** 2010 conducted in excess of 30 unauthorised searches on MPS Intelligence and Crime recording indices It is alleged that officer knowingly or recklessly, without the consent of the data controller, obtained or disclosed personal data or the information contained in personal data, contained within MPS data systems without an authorised reason. Officer is believed to be passing intelligence to two 72 Conviction No Yes Conviction No Yes Conviction No Yes Conviction No Yes known drug dealers/users 1 Officer 1 Officer 1 Officer 1 Officer 1 Officer Used MPS communications systems to pass information obtained from MPS databases to third parties outside the MPS Operation ********* Misuse of MPS databases Complainant states that in **** an officer had informed her parents without her permission or knowledge that she had moved to *********** and later again that her daughter had been taken into care. Complainant did not wish these details to be divulged to her family and feels this is a breach of the data protection act. The complainant states the officer Breached Data Protection Act. The officer cited has breached data protection by sending an email using another colleagues computer who had left his desk briefly and had neglected to log off his computer. The email was sent to a senior officer and although not abusive was flippant in nature poking fun at another senior 73 Conviction No Yes Conviction No Yes Disciplined internally No No Disciplined internally No No Disciplined internally No No officer. The officer cited has come forward admitting to doing this. 1 Officer 1 Officer 1 Officer 1 Officer Complainant states that when distributing missing person posters, police allowed for private information such as the persons address, the fact she carries money and is an alcoholic, to be shown on said poster Officer misused Met Police computer systems to submit data protection act requests for a *********** Police investigation. He had no need or authority to make these requests. He requested the resulting information be copied to him without good reason or authority The complainant alleges that the officer has unlawfully obtained both his and his relatives personal details. Complainant states officer revealed matters of a very embarrassing and unproven nature to his parents. 74 Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No 1 Officer 1 Officer 1 Officer 1 Officer The complainant states that the officer told his father the details of his bail and states that this is a breach of the Data Protection Act Complainant states that the police informed his employer of his arrest which caused the loss of his employment as a contract cleaner at a school. The officer has supplied a document to a third party which they were not entitled to have, albeit a legal representative for an officer who was subject to a criminal misconduct interview. Furthermore, he is a **************** and should be fully aware that this document is non disclosable and subject to legal privilege. He has no reason to access or obtain this document and indeed, it is clear on the MG3 that this is a report between the Police and the CPS and is Not Disclosable. Officer disclosed confidential information regarding a live misconduct matter 75 Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No 1 Officer 1 Officer 1 Officer 1 Officer 1 Civilian 1 Civilian 1 Civilian involving another officer to a third party outside the MPS. Asked another officer to access information, a request which contravened Data Protection Act and MetSec rules. The complainant states that an officer has breached the Data Protection Act and passed sensitive information to an external 3rd party. Complainant states that the officer sent confidential information to his medical school. Failure in duty - officer allowed another officer to use her log on and password to access a computer system to which a data protection act applies Unsatisfactory performance - specifically breaches of the DPA. Not following correct procedure and issuing a police officers private telephone number to a member of the public Improper disclosure of information - Loser of motor vehicle has been 76 Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No 1 Civilian 1 Civilian 1 Civilian 1 Civilian 1 Civilian given details of the finder by police, Breaching data protection and complainant’s privacy. The complainant states that a member of police staff breached the data protection by disclosing the name and address of a witness to another witness relating to an offence of residential burglary. Improper disclosure of information Complainant's details were given to the other party concerned, and now (C) fears for her life Claims officer turned his IT unit to the informant’s sister and mother thereby disclosing the details of his caution. His family had been unaware of this matter until this time Allegation of Breach of Data Protection and misuse of PNC. The complainant states his address has been listed on a crime digest, in terms of road name, method and property taken, he is unhappy as he feels this breaches data protection and should not be in the 77 Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No public domain. 1 Civilian 1 Civilian 1 Civilian 1 Civilian 1 Officer 1 Officer (C) made a Data Protection Act application and has left messages but has not been updated by the officer It is alleged that the subject breached the Data Protection Act. The complainant states that the ************ gave her details to an alleged victim, this was in breach of the Date Protection Act. Failed to call complaint back as promised and give incorrect advice around the notification of an adult in Police Custody contrary to the Data Protection Act. The complainant states that an officer breached Data Protection and/or Information sharing regulations. Officer obtained information from the CRIS system to which he was not entitled with regard to the investigation of two rapes relating to a **************** and this information was 78 Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Resigned during disciplinary Yes No Resigned during disciplinary Yes No 1 Officer 1 Officer passed to an unknown person, both aspects being contrary to section 55 of Data Protection Act 1998. Improper disclosure of information - It is alleged that PC ********* has made reference in media interviews to investigations that he may not have had any professional dealings withthis may have be in breach of data protection laws and principles. Whilst completing a CRIS for theft of M/V at ********** station where the Victim was with other officers, *********** asked the male for his details. The victim provided ******** with his driving license. ******* returned to the office on the *********** where only himself and ********* were sat. ******* apparently found the males name amusing and was laughing and stated 'I NEED TO SEND THIS TO MY FRIEND' ********** has seen ********* take his phone, open to the 'SNAPCHAT' App and point 79 Resigned during disciplinary Yes No Resigned during disciplinary Yes No 1 Norfolk Constabulary 1 Staff 1 Staff 31 2 1 10 Civilian Information not broken down it towards the victims driving license to take a photo. ************* has challenged ********. ********* has advised *********** not to and ************ put his phone away. However ************ was in and out the office and did not have view of ************ at all times. This is a clear breach of data protection, it also falls far below the professional standards of the Metropolitan Police and is an abuse of trust. The subject accepted a Caution on ********* for breaching the Data Protection Act 1998. Accessed personal data on force system for non-policing purpose Accessed force systems without policing purpose and disclosed the information Accessed data systems without a lawful policing purpose Accessed custody record without policing purpose and potentially disclosed the Response notes: 7 Police officers and 8 members of staff were disciplined internally. 80 Resigned during disciplinary Yes No Dismissed No No Dismissed No No Disciplined internally10 No No Disciplined internally No No 1 2 2 2 1 1 1 1 1 1 1 1 11 details to a third party Browsing force systems regarding family/associates Accessed systems to view intelligence records for nonpolicing purpose Accessed systems for nonpolicing purpose Accessed systems to conduct intelligence searches for nonpolicing purpose Disclosure confidential information Accessed systems to conduct intelligence searches on individual and in relation to a specific incident Accessed systems to make intelligence checks for nonpolicing purpose Inappropriately accessed custody records relating to known individuals Utilised personal details for a non-policing purpose Accessed systems for nonpolicing purpose Accessed data held on force system for a non-policing purpose Obtain/disclose personal data Response notes: 2 police officers and 2 members of staff resigned during the disciplinary process. 81 Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Resigned during disciplinary process11 Yes No Resigned during disciplinary process Yes No Resigned during Yes No 1 1 1 2 1 1 1 3 North Wales Police 12 25 2 Police 2 Police 1 PCSO from systems relating to intelligence checks Accessed systems to conduct intelligence searches for a non-policing purpose Accessed force systems for non-policing purpose and disclosed the data to a third party Unlawful disclosure of sensitive personal data to another public authority Disclosed sensitive information Viewed police systems without policing purpose Inappropriate searches of force systems in respect of individuals and associated addresses Inappropriately accessed intelligence information relating to known individuals Accessed the custody system and viewed custody records for a non-policing purpose Accessed police info for a nonpolicing purpose. Accessed police info for a nonpolicing purpose. Accessed and disclosed Response notes: 9 police officers and 1 member of staff received no formal disciplinary action. 82 disciplinary process Resigned during disciplinary process Yes No No formal disciplinary action12 No No No formal disciplinary action No No No No No No No formal disciplinary action No No No formal disciplinary action No No No formal disciplinary action No No Final Written Warning No No No No No No No formal disciplinary action No formal disciplinary action Written warning and Management Action Dismissed 1 Civilian 1 Police 1 Civilian 1 Civilian 1 Civilian 1 Police 1 Police 1 Civilian 1 Police 2 Civilian 1 1 Police PCSO several pieces of police information to partner Accessed police info for a nonpolicing purposes. Had unsolicited communication with subjects of the access Accessed police info for a nonpolicing purpose. Accessed police info for a nonpolicing purpose. Accessed police info for a nonpolicing purpose. Accessed police info for a nonpolicing purpose. Had information transcribed by external agency and disclosed personal data in the process Accessed intel relating to criminal offences and disclosed to persons connected to the offences Accessed police info for a nonpolicing purpose Accessed police info and disclosed to partner Accessed police info for a nonpolicing purpose Accessed police info for a nonpolicing purpose Accessed police info for a non83 Final Written Warning extension No No Written warning No No Final Written Warning No No Formal warning No No Verbal warning No No Management Advice No No Prosecuted and found guilty (Retired) No Yes Verbal warning No No Officer was dismissed for other misconduct offence prior to this charge No No No No No No No No Verbal warning Meeting Management Advice Verbal warning 1 Police 1 Civilian 1 Civilian 1 Police 1 Civilian 2 5 1 1 Police 21 8 5 North Yorkshire Police 98 1 7 1 12 1 Refused - S. 40 policing purpose Accessed police info for a nonpolicing purpose Accessed police info for a nonpolicing purpose Accessed police info for a nonpolicing purpose Accessed police info for a nonpolicing purpose Accessed police info for a nonpolicing purpose Accessed police info for a nonpolicing purpose Disclosed police information Disclosed police information Disclosed police information Accessed police systems without a policing purpose Accessed police systems without a policing purpose Accessed police systems without a policing purpose Accessed police systems without a policing purpose Accessed police systems without a policing purpose Loss of insecure memory stick Emailed Restricted/Confidential material to an insecure email address Emailed 84 Not proven Management Action Resigned before charges preferred Dismissed Dismissed No Yes No No No No No No Resigned Meeting Management Advice Management Action Final Written Warning No Further Action Yes No No No No No No No No No Management Action No No Written Warning No No Final Written Warning No No Dismissal No No No Further Action No No Written Warning No No Management Action No No No Further Action No No 1 1 1 1 14 8 1 2 6 Northamptonshire Police 24 1 Staff 1 1 Staff Officer 1 Staff 2 Officer 2 1 Officer Officer 1 14 Officer and Staff Information Restricted/Confidential material to an insecure email address Laptop Stolen Unauthorised use of a Police System Unauthorised use of a Police System Unauthorised use of a Police System Misuse of a Police System Misuse of a Police System Misuse of a Police System Misuse of a Police System Misuse of a Police System Police staff member misuse of force intelligence system. Improper access to force systems Misuse of Police system Improper disclosure of information Improper disclosure of information Improper disclosure of personal information Failure to disclose information Improper disclosure of personal information to a number of parties Information not provided 85 Management Action No No Management Action No No Written Warning No No Dismissal No No Management Action Written Warning Final Written Warning Dismissal No Further Action No No No No No No No No No No Criminal Caution No Yes No No No No No No No No No No No No Disciplined internally Disciplined internally Disciplined internally Disciplined internally Disciplined internally Disciplined internally No Disciplined internally No disciplinary action No No No not provided Northumbria Police Refused - Cost and Time In receipt of 3rd party data about another individual. Inadvertent disclosure of incidents relating to another individual of the same name. Inappropriate Disclosure of Information - Information sent to incorrect recipient. Sent request form re an investigation to the ICO instead of the LA, which outlined the crime. 1 1 Nottinghamshire Police13 Information not broken down 11 1 1 1 13 Inappropriate Disclosure of Information - Disclosure of Third party information to another employee through accessing systems for unauthorised use. Inappropriate Disclosure of Information - Inappropriate disclosure of information to the Universities in Nottingham Inappropriate use of Data Inappropriate use of NHW scheme. Access information Response notes: One further case is still under investigation. 86 On review found to be a genuine mistake Action Memo to PSD re this incident and lessons learned. No No Officer responsible should be given a formal guidance interview by line manager. No No Gross misconduct of staff member Recipient of the information had a duty of care to report it and should be subject to disciplinary for failure to report the DPA breaches. No No Closed and signed off by DCC No No Advice given. Genuine error No No from Neighbour Hood watch scheme. 1 1 Loss / theft of Data - Possible theft of data from Police vehicle - Police information found to be missing from Vehicle Inappropriate use of Data Notification from NCC in respect of whistle-blower report to ICO 1 Disclosure of information was made to Notts County Council instead of Notts City Council however, both have entries for the 'child' and the County Council did confirm incorrectly they had made the request when contact by Police Disclosure Officer who was seeking confirmation. 1 PC disclosed to third party that an individual had previous convictions 1 Inappropriate Disclosure of information - Correspondence from Professional Standards Department to incorrect address 87 Signed off by DCC. Risk assessed. Advice given. No No This has been referred to the ICO No No No No Action send letter from SIRO to Notts County Courts Information Gov. Lead highlighting the need to specify full local authority detail of County Council or City Council to enable us to avoid inadvertent disclosure – Lessons learned discussion with Disclosure Team Officer resigned during the investigation. PSD briefed all staff on ensuring that addresses are accurately recorded and kept up to date. There are now No Yes No No measures in place to send documents with personal and sensitive personal data by recorded or special delivery Inappropriate disclosure of information – PC disclosed information in relation to individuals to third parties 1 14 Police Scotland 14 1 Police Misuse of police systems 1 Police Misuse of police systems 1 Police Misuse of police systems 1 Police Misuse of police systems 12 Police Misuse of police systems 1 Police Misuse of police systems 28 Response notes: Question 5 refused due to cost and time limits. 88 Dismissed gross misconduct Retired prior to completion of misconduct proceedings. Convicted. Resigned prior to completion of misconduct proceedings. Convicted. Police Conduct Regulation - Reduction in rate of pay. Convicted. Police Conduct Regulation Warning. Convicted. Police Conduct Regulation Warning Resigned prior to completion of No No No Yes Yes Yes No Yes No Yes No No Yes No 1 4 1 Police Police Police Staff Misuse of police systems Misuse of police systems Information not provided 1 4 Police Staff Police Staff Information not provided Information not provided Police Service of Northern Ireland South Wales Police misconduct proceedings Police Conduct Regulation - Fine Corrective advice Conviction Employment Terminated Disciplined internally No No No No No Yes No No No No Written Warning No No Subject Resigned during Investigation. Yes No Written Warning No No Written Warning No No Management Advice No No Management Action No No Management Advice No No Subject Resigned Yes No Refused - Cost and Time 1 Police Staff 1 Police Staff 1 Constable 1 Constable 1 Police Staff 1 Constable 1 Constable 1 Police Staff 67 The subject inappropriately accessed relatives on system. The subject inappropriately accessed records of associates. The subject inappropriately accessed the record of an associate. The subject inappropriately accessed their former partner’s details. The subject inappropriately accessed a system record pertaining to a relative. The subject inappropriately printed a copy of an incident pertaining to theirself. The subject researched a family member without authorisation. The subject inappropriately 89 1 Police Staff 1 Constable 1 Constable 1 Police Staff 1 Constable 1 Sergeant 1 Police Staff 1 Constable 1 Police Staff accessed records of their partner. The subject checked the database regarding an associate. Personnel member requested information not for a Policing Purpose. The subject inappropriately accessed the record of a personal matter not pertaining to their police duties. The subject inappropriately accessed the record of a family member. The subject was alleged to be inappropriately accessing and disclosing police information to an associate. The subject inappropriately accessed a record pertaining to a relative. The subject inappropriately accessed records pertaining to associates / premises. The subject made an inappropriate disclosure during a telephone conversation with a third party The subject conducted unauthorised searches on an 90 during Investigation Subject Resigned during Investigation Yes No Management Action No No Written Warning No No Subject Resigned during Investigation Yes No Subject Resigned during Investigation. Yes No Management Action No No Subject Resigned during Investigation. Yes No Management Action No No Written Warning No No 1 Constable 1 Police Staff 1 Police Staff 1 Constable 1 Constable 1 Police Staff 1 Constable 1 Constable 1 Constable 1 Constable 1 Staff associate. The subject inappropriately accessed the system records of family members. The subject conducted an unauthorised search on an associate. Personnel member made unauthorised amendments to a record. The subject inappropriately accessed records pertaining to their partner. The subject conducted unauthorised searches on family members. The subject accessed a record pertaining to theirself. The subject accessed the record of an associate for other than a policing purpose. The subject inappropriately accessed the record of a family member. The subject accessed and disclosed restricted information. The subject conducted checks on associates for other than a policing purpose. The subject checked a third party on a database not for a Policing Purpose 91 Management Action No No Written Warning No No Subject Resigned during Investigation Yes No Written Warning No No Management Action No No Management Action No No Written Warning No No Management Action No No Dismissal Without Notice. Criminal caution given No No Management Action No No Management Action No No 1 Police Staff 1 Constable 1 Police Staff 1 Constable 1 Police Staff 1 Police Staff 1 Police Staff 1 Police Staff 1 Constable The subject made improper comments to an associate. The subject accessed a record without authorisation to do so. The subject made unauthorised checks on associates for a non-Policing purpose. The subject made unauthorised access to records. The subject accessed the record of an associate without authorisation. The subject accessed records of incidents without authorisation to do so. The subject accessed records of their former partner without authorisation. The subject accessed the record of a family member without authorisation. The subject inappropriately made access to their partner’s record without authorisation. 1 Constable Officer accessed records for a non-policing purpose / in breach of force policy. 1 Constable Officer accessed records for a non-policing purpose / in 92 Subject Dismissed from SWP No No Management Action No No Subject Dismissed from SWP No No Management Advice No No Subject Resigned during Investigation Yes No Final Written Warning No No Management Action No No Final Written Warning No No Management Action No No Yes Yes No No Resigned during Investigation, processed and convicted criminally. (Allegation a component of a multi- breach of force policy. 1 Constable 1 Staff 1 Staff 1 Police Staff 1 Police Officer 1 Police Staff 1 Constable 1 Police Staff 1 Police Staff 1 Police Staff Officer accessed records for a non-policing purpose / in breach of force policy. Made comments in public regarding an individual's criminal status that were not appropriate for disclosure. Made comments in public regarding their duties that were a breach of confidentiality. Staff member accessed information for reasons other than Policing Purpose Did not secure sensitive interview discs relating to an inquiry, leading to their loss. Accessed the data record of a colleague without a Policing Purpose. Accessed records relating to a relative without a Policing purpose. Accessed record relating to a family member without a Policing Purpose. Accessed the record of a relative without a Policing purpose. Resigned during Investigation 93 tier case) Dismissal without Notice Final Written Warning No No Management Action No No Management Action No No First Written Warning No No Management Action No No Final Written Warning No No Resigned during Investigation Yes No Management Action No No Written Warning No No Resigned during Investigation Yes No 1 Police Staff 1 Police Staff 1 Police Staff 1 Constable 1 Constable 1 Constable 1 Police Staff 1 Constable Inadvertently verbally disclosed information relating to a MOP's private life during an inquiry. Accessed the record of her partner without a policing purpose. Accessed the records of family members without a Policing Purpose, and spoke indiscreetly and without due caution to Data Protection when in public. Accessed the record of his partner and home location without a Policing Purpose. The subject accessed the records of the partner of a relative without a Policing purpose, this was linked to an ongoing welfare concern and the subject believed it was within the Purpose criteria. Management Action given. Subject looked at the record of an associate without a Policing purpose. Browsed' records on a police system without a Policing Purpose. Made multiple disclosures of protected information to a relative, he received criminal 94 Management Action No No Written Warning No No Written Warning No No Management Action No No Management Action No No Management Action No No Written Warning No No Dismissal without Notice. Criminal caution given. No No 1 Constable 1 Police Staff 1 Constable 1 Special Constable 1 Constable 1 Constable 1 Constable 1 Constable 1 Police Staff 1 Police Staff caution. Disclosed Police information to her partner. Photographed and disseminated restricted documentation for personal gain. Accessed records of relatives without a Policing Purpose. Made a comment on a social networking site which could potentially have breached confidentiality. Property was returned to the relative of a detainee that contained personal information. Accessed the record of his partner without a Policing Purpose to do so. Disclosed the results of a medical report to Next of Kin without the FLO's consent. Accessed information relating to former partner without a Policing Purpose. Sent an email to colleagues without first removing a sensitive attached document from the email chain. Checked partner on a police database without a policing purpose. 95 Management Action No No Dismissal without Notice No No Management Action No No Management Action No No Management Action No No Written Warning No No Management Action No No Management Action No No Management Action No No Written Warning No No South Yorkshire Police 50 1 Officer 1 Staff 1 Staff 1 Staff 1 Staff 1 Officer 1 Officer 1 Staff 2 Officer 1 Officer 1 Officer Accessed information not in the course of his/her duties. Accessed policing system for non-policing purpose and disclosed personal information It was alleged that the member of staff might have passed information to a third party. Conducted a police check for a non-policing purpose. Accessed police systems for non-policing purposes. Conducted police checks for a non-policing purpose Accessed systems for nonpolicing purposes. Carried out checks on policing system for no policing purposes Accessed police system for non-policing purpose Allegation that an Officer has accessed policing systems and disclosed Complainant’s confidential information to another Allegation that an Officer has accessed policing systems and inappropriately disclosed Complainant’s data to a third party. 96 Guilty plea - fine, surcharge & costs No Yes Caution No No Attended Misconduct Hearing and dismissed No No Written Warning No No Written Warning No No Final Written Warning No No Written Warning No No Written Warning No No Final Written Warning No No Final Written Warning No No Final Written Warning No No 1 Officer 1 Officer 2 Officer 1 Staff 1 Staff 1 Officer 2 Officer 1 Officer 1 Officer 1 Officer Allegation that an Officer used a police system to obtain personal information about Complainant for a nonpolicing purpose The officer is believed to have disclosed information relating to policing tactics and utilised police systems for a nonpolicing purpose when conducting checks. The officer accessed information for a non-policing purpose The member of staff accessed Complainant’s information on police system, for a nonpolicing purpose. Released an incorrect ‘suspect’ image via Media Used policing systems for a non-policing purpose. The Officer did not have a legitimate policing purpose for conducting a vehicle check The Officer used police systems for non-policing purposes. The Officer accessed police system for a non-policing purpose. It is alleged that the Officer used a policing system for a 97 Final Written warning No No Resigned during disciplinary procedures Yes No Resigned during disciplinary procedures Yes No Resigned during disciplinary procedures Yes No Management Advice No No Management Advice No No Negative Personal Development Journal No No Management advice No No No action No No Management advice No No 1 Officer 1 Officer 1 Officer 1 Staff 1 Officer 1 Special Constable 1 Officer 1 Staff 1 Staff 1 Officer no policing purpose It is alleged that whilst off duty, an Officer has used mobile device to conduct a check on a vehicle. Allegation that an Officer has used police systems for no policing purpose. Officer failed to maintain proper control of hardcopy paperwork extracted from a policing system. The failure allowed personal data to be accessed by third party. Accessed police systems for a non-policing purpose Accessed police systems for a non-policing purpose Accessed police systems for a non-policing purpose Accessed police systems with no legitimate reason for doing so It is alleged that the member of Staff accessed police systems for a non-policing purpose It is alleged that the member of Staff used police systems for a non-policing purpose. It is alleged that the Officer passed confidential information obtained from 98 Advice given No No Negative Personal Development Journal No No Negative Personal Development Journal No No No action No No Negative Personal Development journal No No No action No No Advice given No No No Action No No Advice given No No No action No No 1 Officer 1 Officer 1 Staff 1 Officer 1 Officer 1 Officer 1 Officer 1 Officer police systems to a third party. The Officer is alleged to have communicated information gained due to his/her role, outside of the organisation It is alleged that the Officer used police systems for a no policing purpose An allegation that a member of Staff has disclosed the Complainant’s information, which is inaccurate, to the media The complainant alleges that the police have passed his/her address to a third party An allegation that the Officer disclosed personal information about the Complainant to his/her neighbour. An allegation that the Officer has divulged the Complainant’s personal information to a third party. An allegation that the Officer improperly disclosed information regarding the Complainant, whilst in public place An allegation that the Officer disclosed confidential 99 Advice given No No Advice given No No No action No No No action No No No action No No No Action No No No Action No No No action No No Staffordshire Police 31 1 Officer 1 Staff 1 Officer 1 Officer 1 Officer 2 Officer 1 Officer 4 Police officer information about a family member to third parties. An allegation that the Officer has passed the Complainant’s address/phone number to a third party. An allegation that personal data was inappropriately disclosed to the Complainant’s employer. An allegation that the Officer disclosed personal data for no legitimate purpose. An allegation that the Officer inappropriately passed Complainant’s information on to a third party An allegation that the Officer has passed the Complainant’s personal information about him to third parties. An allegation that Officers inappropriately discussed/disclosed the Complainant’s personal information to a third party. An allegation that the Officer inappropriately disclosed information regarding individuals within the Complainant’s vicinity Accessed internal systems for non-police purpose 100 No Action No No No Action No No No Action No No No Action No No No Action No No No Action No No No Action No No Disciplined internally No No 1 Police officer 1 Police officer 1 Police officer 2 Police officer 1 Police staff 1 Police staff 1 Police officer 1 Police officer 1 Police officer 1 Police officer 1 Police officer 1 Police officer Allowed another person access to sensitive documents/photographs Accessed internal record of former colleague Information from police system passed to another person Accessed internal systems for non-police purpose Inadvertently allowed another person view of confidential paperwork Accessed information relating to an individual Used position to obtain and provide information to another person Accessed information and disclosed to another person Accessed police information without lawful purpose Inappropriate use of police systems Accessed internal system and viewed records without police purpose Accessed internal system to gather information without police purpose 101 Disciplined internally No No Disciplined internally No No Disciplined internally No No Resigned during disciplinary procedure Yes No Management advice given No No Resigned during disciplinary procedure Yes No Disciplined internally No No Disciplined internally No No Convicted for breaches of Data Protection Act 1998. Employment terminated. No No Disciplined internally No No Disciplined internally No No Disciplined internally No No 1 Police officer 1 Police officer 1 Police staff 1 Police officer 1 Police staff 1 Police staff 1 Police staff 1 Police officer 1 Police staff 1 Police staff Attempt to coerce other staff members to access internal information for non-police purpose Disclosed information to another person Accessed internal records for personal interest Permitted another individual to access police systems Accessed information and may have disclosed to another person Unauthorised disclosure to third party Access IT systems for nonpolice purpose Disclosed confidential/tactical information to another person Access internal systems for non-police purpose Viewed internal systems for non-policing purpose 1 Police officer Disclosed confidential information to another person 1 Police officer Lost bodycam 1 Police staff 1 Police staff Inadvertently emailed attachment to third party Inadvertently provided 102 Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Resigned during disciplinary procedure Yes No Information not provided No No Disciplined internally No No Disciplined internally No No Resigned during disciplinary procedure Yes No Disciplined internally No No Convicted for breaches of Data Protection Act 1998. Employment terminated. No No No No No No No No Management advice given Management advice given Management advice 1 1 1 2 1 Suffolk Constabulary 27 1 1 1 2 1 1 Information not broken down confidential information to a third party Accessed systems without a legitimate policing purpose Obtaining/disclosing personal data Accessed systems for a nonpolicing purpose Accessed force systems for a non-policing purpose Accessed and disclosed information gained from force systems for non-policing purpose Unlawfully accessed force systems viewing data Accessed force systems for non-policing purpose. Sent internal email to a colleague with reference to an arrest which has no policing purpose. Accessed force systems to conduct intelligence searches for a non-policing purpose Accessed force systems to search criminal records for a non-policing purpose Accessed force systems to 15 Response notes: 2 police officers and 1 member of staff were convicted. Response notes: 1 police officer and 2 members of staff were dismissed. 17 Response notes: 4 police officers and 4 members of staff were disciplined internally. 16 103 given Convicted15 No Yes Convicted No Yes Convicted No Yes Dismissed16 No No Dismissed No No Disciplined internally17 No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No Disciplined internally No No 1 1 1 1 1 2 1 1 1 1 18 Police obtain data for a non-policing purpose. Accessed force systems to obtain confidential data Accessed crimes and other force systems for non-policing purpose and relayed information to a named nominal Accessed force system records for non-policing purpose Disclosed sensitive data to members of the of the public and researched systems for non-policing purpose Improper disclosure of information Accessed police records for non-policing purpose Accessed force systems for non-policing purpose Accessed force systems to conduct intelligence searches for non-policing purpose Accessed and disclosed information obtained from force systems without policing purpose Disclosed personal information to complainant’s employer Response notes: 5 police officers and 3 members of staff resigned during disciplinary proceedings. 104 Disciplined internally No No Resigned during disciplinary18 Yes No Resigned during disciplinary Yes Resigned during disciplinary Yes Resigned during disciplinary Resigned during disciplinary Resigned during disciplinary Yes Resigned during disciplinary Yes Resigned during disciplinary Yes No disciplinary action No Yes Yes No No No No No No No No Surrey Police 1 Police 1 Police 1 Police 1 Police 1 Police 2 Civilian 2 Police 202 5 Civilian Civilian 2 Civilian 1 21 Police Accessed force intelligence systems for non-policing purpose Accessed force systems for non-policing purpose Made disclosure of information to a third person Improper disclosure of information Accessed force systems for non-policing purpose Accessing police systems without a policing purpose. Personal details and linked police reports. Inappropriately sharing information with a third party. Operational deployments, availability of equipment and training details. Accessing police systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Vehicle and user information. Accessing police systems without a policing purpose. 105 No disciplinary action No No No disciplinary action No No No disciplinary action No No No disciplinary action No No No disciplinary action No No Live investigation N/A N/A Live investigation N/A N/A First Written Warning No No Not proven No No Final Written Warning No No Management Advice No No Police 12 Civilian 1 Police 3 Police 1 Police 6 1 Police Police 17 Police 4 1 Police Personal details and linked police reports. Accessing police systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Crime report. Accessing police systems without a policing purpose. Crime report. Accessing police systems without a policing purpose. Personal details and linked police reports. Inappropriately sharing information relating to operational policing. Name, location and description of police business. Accessing police systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Crime report. Accessing police systems 106 Written Warning No No No action No No No action No No Management Action No No Final Written Warning No No Dismissed No No Dismissed No No Management Advice No No Dismissed No No Police 4 Police 1 Police 12 Civilian 10 Police 5 Civilian 7 Civilian 1 Civilian 1 4 Civilian without a policing purpose. Crime report. Accessing police systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Crime report. Accessing police systems without a policing purpose. Crime report. Accessing systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Crime report. Accessing police systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Crime report. Using police systems under another person’s details. Personal details and linked police reports. Accessing police systems without a policing purpose. Personal details and linked 107 No action No No Not proven No No Management Intervention No No Dismissed No No Written Warning No No Resigned Yes No Resigned Yes No Resigned Yes No Final Written Warning Extension No No Police 2 Police 30 Police 2 1 Civilian Civilian 1 Civilian 1 Civilian 1 Police 3 8 Civilian police reports. Accessing systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Personal details and linked police reports. Accessing systems without a policing purpose. Personal details and linked police reports. Accessing systems without a policing purpose. Personal details and linked police reports. Inappropriately sharing information with a third party. Identity of detained person. Inappropriately sharing information with a third party. Information of an alleged previous conviction Accessing systems without a policing purpose. Personal details and linked police reports. Accessing systems without a policing purpose. Records of crime and nominals in the area Accessing systems without a 108 First Written Warning No No Management Intervention No No Retired No No Formal Verbal Warning No No Written Warning No No Final Written Warning No No Final Written Warning No No Management Intervention No No No action No No 1 Civilian 1 Civilian 1 Police 1 Civilian 1 Civilian 1 Police 13 Civilian 4 Civilian 1 Civilian policing purpose. Personal details and linked police reports. Accessing systems without a policing purpose. Personal details and linked police reports. Accessing police systems without a policing purpose. Crime report. Accessing police systems without a policing purpose. Crime report. Accessing police systems without a policing purpose. Personal details and call logs Inappropriately sharing information with a third party. Vehicle owner and insurance details. Accessing systems without a policing purpose. Personal details and linked police reports. Accessing systems without a policing purpose. Personal details and linked police reports. Accessing systems without a policing purpose. Crime report. Accessing police systems without a policing purpose. 109 Management Action No No Management Action No No Management Action No No Management Action No No Management Action No No Management Action No No Management Intervention No No Management Intervention No No Management Intervention No No 1 1 Sussex Police 63 Police Civilian 1 Police 1 Police 1 Civilian 6 Civilian 10 Civilian 8 Civilian 15 Civilian 4 Civilian Vehicle owner and insurance details Sending information to an insecure email address. Probationer documents. Disclosure of information in court. Financial information. Operational information left at the home address of a member of the public. Operational information. Operational information left at the home address of a member of the public. Information relating to an investigation. Information accidentally shared with a third party via email. Confidential information. Information cannot be provided Information cannot be provided Information cannot be provided Information cannot be provided Information cannot be provided 110 Management Intervention No No Unknown - Training package created handling of information. No No Information not provided No No Management Action No No Words of Advice No No No No No No Yes No No No N/A N/A Dismissed Disciplinary sanction Resigned No disciplinary action Case ongoing 1 1 1 1 1 1 Police Police Police Police Police Police Officer has made unlawful access to IT systems for personal reasons Officer inappropriately accessed police computer systems in order to response to a query from a friend involved in the matter Officer made inappropriate access to personal records contained within the crime and intelligence management system without a genuine policing purpose Officer made unlawful access to a report. It is believed this was for personal reasons. Officer conducted a check on the Police National Computer on his personal vehicle, that was assessed as not for lawful policing purposes, but for personal reasons Officer undertook a number of enquiries on police computer systems without appropriate purpose or authority and disclosed personal information related to the suspect. 111 Officer pleaded guilty at court and was fined. Officer resigned from Sussex Police Yes Yes Officer dismissed without notice following misconduct hearing No No Officer appeared before a misconduct hearing - Not proved no further action No No Officer attended a misconduct meeting Proven - received a written warning No No Officer attended a misconduct meeting Proven - received management advice No No Officer attended a misconduct meeting Proven - received a written warning No No 1 1 1 1 1 1 Police Police Police Police Police Police Officer inappropriately accessed IT systems in relation to a crime where the officer was recorded as he victim. The access was unlawful and for personal reasons. Officer has, on multiple occasions, accessed police data relation to a neighbour dispute without legitimate purpose. Officer accessed a number of documents on an IT system linked to the victim. This was not for a policing purpose. Officer accessed police IT systems, namely to search details of 4 people and an address, without lawful policing purpose. Officer accessed computer records, following a separate investigation, for the subject of that investigation at a later date without legitimate policing purpose Officer made a series of entries to a computer system in order to identify a record relating to a relative and then re-accessed a report of an investigation of assault, again relating to the relative. This 112 Officer attended a misconduct meeting Proven - received a written warning No No Officer attended a misconduct meeting Proven - received a written warning No No Officer attended a misconduct meeting Proven - received a final written warning No No Officer attended a misconduct meeting Proven - received a written warning No No Officer attended a misconduct meeting Proven - received management advice No No Officer attended a misconduct meeting Proven - received a written warning No No access was made for nonpolicing purpose and without lawful authority. 1 Police 1 Police 1 1 Police Police 1 Police 1 Police Officer accessed IT systems for personal reasons regarding a reported theft where the officer was the victim. Officer accessed nominal records relating to a member of public without a lawful purpose. Officer has, on multiple occasions, accessed police systems in relation to a personal friend and ex-partner without legitimate policing purpose. Officer accessed personal data on a police IT system for a non-authorised purpose. Officer also, on multiple occasions, accessed police data regarding incidents at their home address via a search. Officer accessed police databases to obtain personal information relating to a complainant Officer conducted a check on the Police National Computer in the absence of a lawful 113 Officer attended a misconduct meeting Proven - received a final written warning Officer attended a misconduct meeting Proven - received a final written warning No No No No Officer attended a misconduct meeting Proven - no further action No No Officer attended a misconduct meeting Proven on both counts - received management advice and a written warning No No No No No No Officer attended a misconduct meeting Proven - received a written warning Officer attended a misconduct meeting Proven - received a 1 1 Police Police Thames Valley Police Warwickshire Police policing purpose. written warning Officer unlawfully accessed databases and further accessed the address record of a member of public. Officer inappropriately accessed computer systems to obtain address details of a complainant and disclosed the information to a family member. Officer attended a misconduct meeting Proven - received a final written warning No No Officer attended a misconduct meeting Proven - received management advice No No Management advice given No No Final Written Warning No No No No No Yes No No No No No No Refused - Cost and Time 17 1 Police Officer 1 Civilian 1 Civilian 1 Police Office 1 Civilian 1 1 Civilian Officer Alleges inappropriate disclosure of personal information to third party Disclosure of confidential information via email to a computer not on a secure network Reviewed information on force systems not for policing purpose Unauthorised Police National Computer checks Alleged divulgence of personal information where others could hear Inappropriate disclosure of information. Alleged divulgence of personal 114 Verbal Warning Dismissed and convicted First Written Warning Informal Action Local Resolution - by West Mercia Constabulary 73 1 Officer 1 Officer 2 Officer 4 Officer 1 Civilian 1 Officer 1 Police 1 Police 1 Police 2 Civilian 1 Police 1 Police 1 Civilian information where others could hear Alleged divulgence of personal information where others could hear Alleged divulgence of personal information to third party Alleged divulgence of personal information to third party Alleged divulgence of personal information to third party Alleged divulgence of personal information to third party Reviewed information on force systems not for policing purpose Misusing police systems in order to supply a member of the public Personal checks on police systems Breach of data protection Accessed force systems to check and individual. Not done for a policing purpose Accessed force systems to check and individual. Not done for a policing purpose Requests for a PNC check, not for a policing purpose. Police data access was for a non-policing purpose. 115 Division Local Resolution - by Division Dispensation - by Force Local Resolution - by Division No No No No No No No No No No Management Action Misconduct No No Management Advice No No Dismissed No No Final Written Warning No No Verbal Warning No No Dismissed No No Written Warning No No Final Written Warning No No Management Action Management Action 1 Police 1 Police 1 Civilian 1 Police 1 Civilian 1 Civilian 1 Police 1 Civilian 1 Police 1 Police 1 Police 1 Police 1 Civilian Accessed information from GENIE and passed it on Accessing logs and records for a non-policing purpose Accessing logs and records for a non-policing purpose Accessed force systems to check an individual/s. Not done for a policing purpose. Not all OIS use had been conducted for a policing purpose Issues relating misuse of computer systems. OIS logs have been accessed by the officer for non-policing purposes. Accessing logs for a nonpolicing purpose Accessed force systems to check an individual. Not done for a policing purpose. West Mercia Police documents recovered from an address Accessed force systems to check an individual. Not done for a policing purpose. Breached Data Protection act and passed information to outside individual. Accessed GENIE data on known nominals which may 116 Management Advice No No Management Advice No No Final Written Warning No No Management Advice No No Final Written Warning No No First Written Warning No No Final Written Warning No No Final Written Warning No No Management Advice No No Written Warning No No Written Warning No No Written Warning No No Final Written Warning No No 1 Police 1 Civilian 1 Civilian 1 Civilian 1 Police 1 Police 1 Police 1 Police 1 Civilian 1 Police 2 Civilian have been for a non-policing purpose Checks on Genie not for a policing purpose System audits suggest that individual has accessed police information for non-policing purposes Accessed force systems. Not done for a policing purpose. 19 separate Data Protection Act offences for a period Accessed force systems. Not done for a policing purpose. Use of QAS for a non-policing purpose Genie check on officer’s niece. Accessed force systems to check an individual. Not done for a policing purpose. There is information to suggest that a member of Police Staff has tried to obtain details from Police systems through a colleague that was not for a policing purpose. Evidence suggests the officer may have accessed force systems without a policing purpose. Accessing logs for a nonpolicing purpose 117 Dismissed No No Verbal Warning No No First Written Warning No No Dismissed and cautioned No No Written Warning No No No No No No Management Advice No No First Written Warning No No Final Written Warning No No Retired/Resigned Yes No Dismissal Without Notice Final Written Warning 1 Civilian 1 Police 1 Police 1 Civilian 1 Police 4 Police 1 Police 1 Police 1 Police 3 Police 2 Police 3 Police 1 Civilian Incorrect copying and distributing of CCTV footage Accessed force systems to check an individual/s. Not done for a policing purpose Personal information has been passed to third parties Breach of Confidentiality and Data Protection A disclosure made within the sight and hearing of complainants family member Inappropriate disclosure of information Information has been inappropriately collated and disclosed. WMP sent out another's convictions and fines. Officer has breached confidentiality by disclosing address inappropriately breach of data protection Accessed force systems to check an individual/s. Not done for a policing purpose. Complaint police officers have disclosed to others they have reported a person for offence/s Information was disclosed, that complainant felt to be 118 Retired/Resigned Yes No Retired/Resigned Yes No No No No No Local Resolution - by Division No No Local Resolution - by Division No No Management Action Misconduct No No Local Resolution - by Division No No Local Resolution - by Division No No Local Resolution - by Division No No Local Resolution - by Division No No Local Resolution - by Division No No Local Resolution - by Division No No Local Resolution - by Division Local Resolution - by Division 1 Civilian 1 Police 1 Police 2 Police 1 Civilian 1 Civilian 1 Police 1 Civilian 1 Civilian 1 Police 1 Police 3 Police inappropriate and unnecessary. Inappropriate disclosure of information Data may have been compromised through being filmed and transmitted. Genie record accessed for a non-policing purpose Accessed genie data on themselves. Not for a policing purpose. Accessed force systems to check an individual/s. Not done for a policing purpose. Inappropriate circulation of personal information. Inappropriate circulation of police information Access of employee/s personal information for nonpolicing purpose Disclosure of information to a third party that may have come from force systems. Accessed a Genie record with no policing purpose. Data protection offence. Inappropriate possession of investigation material Accessed force systems to check an individual/s. Not done for a policing purpose. 119 Management Action/Informal Action No No Local Resolution - by Division No No Management Action No No Management Action No No No No No No Management Action No No Management Action/ Informal Action No No Management Action/ Informal Action No No Management Action No No Management Action No No No action No No Management Action/Informal Action/ UPP Management Action/Informal Action 1 Civilian 2 Civilian 1 Police 1 Police 8 West Midlands Police 488 Police Inappropriate disclosure of address Accessed force systems to check an individual/s. Not done for a policing purpose. Inappropriate disclosure of investigation details Accessed force systems to check an individual/s. Not done for a policing purpose. 07 Confidentiality 3 Police 07 Confidentiality 7 Police 07 Confidentiality 4 Police 07 Confidentiality 7 49 38 2 Police Police Police Police 07 Confidentiality 07 Confidentiality 07 Confidentiality 07 Confidentiality 1 CIV 07 Confidentiality 1 CIV 07 Confidentiality 120 Management Action/ Informal Action No No Management Action/ Informal Action No No Management Action/ UPP No No Management Action No No Formal Action. Dismissal Without Notice. Formal Action. Dismissal Without Notice. Criminal Conviction. Formal Action. Final Written Warning. Formal Action. Management Advice. Formal Action. Written Warning. Management Action No Action Retired/Resigned Dismissal Without Notice. Criminal Conviction. Formal Action. Compulsory redundancy. No No Yes No No No No No No No No Yes No No No No Yes No No 2 1 CIV CIV 07 Confidentiality 07 Confidentiality 1 CIV 07 Confidentiality 2 CIV 07 Confidentiality 3 CIV 07 Confidentiality 2 CIV 07 Confidentiality 2 12 17 CIV CIV CIV 07 Confidentiality 07 Confidentiality 07 Confidentiality 1 1 CIV CIV 07 Confidentiality 07 Confidentiality 1 2 PCSO PCSO 07 Confidentiality 07 Confidentiality 1 2 5 PCSO PCSO Police 07 Confidentiality 07 Confidentiality Improper disclosure of 121 Formal Action. Dismissal Without Notice. Formal Action. Dismissal Without Notice. Criminal Conviction. Formal Action. Final Written Warning Extension. Formal Action. Final Written Warning. Formal Action. No Action Formal Action. Required to resign. Formal Action. Written Warning. Management Action No Action No Action. Resigned. Criminal Conviction. Retired/Resigned Formal Action. Dismissal Without Notice. Criminal Conviction. Management Action Management Action. Management Advice. No Action Case to Answer. No No No Yes No No No No No No Yes No No No No No No No Yes Yes Yes No No Yes No No No No No No No No 9 Police 4 Police 2 Police 2 Police 2 Police 23 Police 7 Police 6 Police information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information 1 Police 1 Police Improper disclosure of information Improper disclosure of information Police Improper disclosure of information 7 4 Police 2 Police 54 Police Improper disclosure of information Improper disclosure of information Improper disclosure of information 122 Formal Action Case to Answer. Management Action. Dispensation - by IPCC. No Action Discontinued - by Force. No Action. Disapplication - by Force. No Action. Formal Action. Case to Answer. Local Resolution - by Division. No Action. Local Resolution - by PSD. No Action Management Action. Case to Answer. Management Action. Local Resolution - by Division. Management Action. No Case to Answer. No Action. Disapplication - by Force. No Action. Local Resolution - by Division. No Action. Local Resolution - by PSD. No Action. No Case to Answer. No No No No No No No No No No No No No No No No No No No No No No No No No No No No 4 Police 8 Police 116 Police 2 Police 2 Police 8 Police 3 Police 6 Police 1 N/S 3 N/S 1 CIV 1 CIV 1 CIV 1 CIV 5 2 CIV CIV Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of 123 No Action. Withdrawn - by Force. No Case to Answer. Management Action. No Case to Answer. No Action. Substantiated. Management Action. Unsubstantiated. No Action. Withdrawn - by Force. No Action. Withdrawn - Not proceeded with. No Action. Withdrawn. No Action. No Case to Answer. No Action. Unsubstantiated. No Action. Case to Answer. No Action. Case to Answer. Retired/Resigned. Disapplication - by Force. No Action. Management Action. Case to Answer. No Action. No Case to Answer. No Action. Withdrawn No No No No No No No No No No No No No No No No No No No No No No Yes No No No No No No No No No 3 CIV 11 CIV 1 PCSO 1 PCSO 1 PCSO 1 PCSO 6 PCSO 1 1 PCSO Police 6 5 Information not broken down 1 West Yorkshire Police 58 information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Improper disclosure of information Information not provided Accessing a police system for personal reasons Inappropriate disclosure of information Charged with sec 55 DPA 1 Police Information not provided 1 Police Support Staff Information not provided 1 Police Unidentified officer leaves paper file containing sensitive 124 - by Force. No Case to Answer. Management Action. No Case to Answer. No Action. Local Resolution - by Division. Management Action. Local Resolution - by Division. No Action. Local Resolution - by PSD. No Action. No Action. Withdrawn - by Force. No Case to Answer. No Action. Withdrawn - by Force. No Action. Conviction No No No No No No No No No No No No No No No No No Yes Disciplined internally No No Disciplined internally No No Disciplined internally Resigned during disciplinary proceedings Resigned during disciplinary proceedings None - Officer unidentified. Not No No Yes No Yes No No No data in raided property 1 Civilian 1 N/A 1 Information not provided 1 Police Approved disclosure information had been applied to an application which was in fact information belonging to another applicant. This information was disclose by police staff employee. A technical issue on the computer database led to the accidental disclosure of information Post Mortem report sent from Coroner's Office to wrong address Inappropriate comments made by unknown officer on NPT Twitter account Officer makes unauthorised disclosure to Service having assumed nominal's employment as notifiable. 1 Police 1 Information not provided Refused under Section 40(2). Information not provided OIC in requests partial medical records from victim's GP but receives full records. These are later sent to the defence team as unused evidence. 1 125 reported to ICO Words of advice given. Reported to ICO. No No System upgraded and the issue rectified. Reported to ICO No No Words of advice given. Not reported to ICO. No No Dealt with at Division and content removed. Not reported to ICO. No No No No No No No No Written apologies sent to complainant and to his employer. Reported to ICO. Management action. Not reported to ICO. Advice given. Reported to ICO. 1 1 Information not provided WYP employee finds hardcopy email including victim personal details in litter bin Advice given. Reported to ICO. No No Information not provided Staff member on inadvertently sends wrong person details to practitioner under ISA arrangement. Data had already been disclosed. Error noticed by recipient, correspondence deleted and WYP advised. No No Personal data removed. Not reported to ICO. No No Correct contact details to be circulated. Not reported to ICO. No No Advice given. Not reported to ICO. No No Recipient contacted immediately and requested to delete e- No No 1 Information not provided 1 Information not provided 1 Civilian 1 Civilian OHU publish an anonymised Injury on Duty analysis spreadsheet on the Intranet. A fortnight later it is found that full personal details can be viewed via a "Data" tab on the toolbar. Reviewing Officer inadvertently sends unredacted copy of employee's complaint concerning another employee to the wrong "Information" mailbox Civilian Employee sends out Business Interests email to 30 employees but fails to use the bcc facility, resulting in advisory comment from one recipient Member of staff releases data to wrong email address. Reported 126 1 Information not provided 1 Civilian 1 Civilian 1 Civilian October 2013 mail. Person alleges that custody record has been sent in error and a breach of data protection. Dealt with at Divisional HR, management advice given. Not reported to ICO. No No Advice given. Not reported to ICO. No No Advice given. Not reported to the ICO. No No Advice given. Not reported to the ICO. No No Members of staff release data to wrong email address. Individual notified by letter with explanation and apology. Reported November 2013 Member of staff releases data to wrong email address. Individual notified the unit immediately stating that had opened but as soon as realised not for them deleted. Individual notified by letter with explanation and apology. Reported November 2013. Member of staff releases data to wrong address. Identified when HR followed suit and sent a letter to wrong address. 127 1 Information not provided 1 Police 1 Civilian 1 Civilian 1 Civilian 1 Civilian Complainant makes an anonymous report provided to solicitors and they have identified the complainant is the source of information. Detention officer disclosed information to a third party requested a check about a friend. Member of staff releases data to wrong individuals e-mail address. Members of staff release data to wrong HR cluster e-mail. Individual notified by letter with explanation and apology. E-mail the Security Industry Authority for them to double check their register, included that the subject of the enquiry had been charged with an offence of on risk assessment was found to be nondisclosable Member of staff e-mailed an ex-employee some manual payslips inadvertently emailed a number of other worksheets within that file 128 Management action, words of advice given. Not reported to ICO. No No Resigned. Not reported to ICO. Yes No Advice given. Not reported to the ICO. No No Advice given. Not reported to the ICO. No No Advice given. Not reported to the ICO. No No ICO referral management advice given to member of staff. No No 1 Civilian 1 Information not provided 1 Police 1 Information not provided Whilst on a routine premises check a member of estates staff locates a box of paperwork in the kitchen area of location, upon inspection this is found to have personal information within it. Box is brought to Information Security and is stored in locked unit. Report was inadvertently sent to a Director within another Department. Police Constable informed a complainant, was in hospital. Whilst this matter was disclosed with the best of intention it does constitute a breach of the DPA in that sensitive personal data in the form of his physical wellbeing has been disclosed without his express consent. Blanket email sent to 43 x complainants linked to a crime, detailing a Crime Number. The email also displayed the current email addresses of all the other reciprocates. 129 Box sent to storage. Not reported to ICO. No No Words of advice given. Not reported to ICO. No No Advice given. Reported to ICO. No No Management action. Reported to ICO. No No 1 Information not provided 1 Information not provided 1 1 1 Information not provided Information not provided PCSO Disclosure report sent via secure email to wrong partner agency. Personal details in relation to a linked home address, were released to a local MP Crime scene. Images had been sent to officers family Admin staff at sent a report to the wrong line manager. PCSO has disclosed information about to colleagues 1 Information not provided OHU Information was released to line manager prior to the subject receiving the information 1 Information not provided OHU report regarding a member of staff was sent to the wrong HR Cluster. 1 Information not provided Report was accidentally sent out regarding an officer prior to its release date. 1 Information not provided staff member reported that a report had accidentally been sent to the wrong HR. 1 Information OHU report sent to the wrong 130 Advice given. Not reported to ICO. No No Advice given. Not reported to ICO. No No No No No No No No No No No No No No No No No No Final Written Warning. Not reported to ICO. Advice given. Not reported to ICO. Management advice. Not reported to ICO. Information contained, management words of advice given. Not reported to ICO. Information contained, management words of advice given. Not reported to ICO. Staff member advised. Not reported to ICO. Information contained, management words of advice given. Not reported to ICO. Negative Pen Entry. not provided 1 Wiltshire Constabulary 4 Information not provided HR mailbox Staff member reported that they had accidentally sent a report to the wrong HR mailbox. Not reported to ICO. Negative Pen Entry. Not reported to ICO. Information contained, management words of advice given. Not reported to ICO. Advice given. Not reported to ICO. 1 Information not provided Report sent to wrong department 1 Information not provided 1 Both Staff member reported that a report was sent to HR in error Data from all police forces from January 2012 was given to the NPIA (National Police Improvement Agency) to publish on the CrimeMapper website. Information sent by Wiltshire Police inadvertently contained some items of personal information. This information had come from a No formal disciplinary free text field in our STORM action - ICO informed system, used to record reports made to the police. Approximately 62 data subjects had been affected and the data included names, ages, dates of birth, a mobile telephone number, a house number and vehicle registration numbers. 131 No No No No No No No No 1 Both 1 Police 1 Police An asset audit was conducted by Wiltshire Police which identified the possible loss of devices containing personal data. The risk surrounding possible loss of data and the subsequent reputational risk was thought to be significant though it was not known what data was lost. Email sent to incorrect recipient. The email contained the sensitive personal data of two suspects. Two witness statements that were taken subsequently went missing 132 No formal disciplinary action - ICO informed No No No formal disciplinary action - ICO informed No No Ongoing. Reported to ICO. No No 133 Appendix 1: Methodology A Freedom of Information request was sent to all UK police forces beginning on the 5th January 2016. We asked for the number of times police officers and staff had been convicted, dismissed or disciplined internally for a data breach. In addition we asked for the number of employees that had resigned because of a data breach and those that hadn’t received any disciplinary action. We received a 95% response rate. For the purposes of this report responses were included until 1st July 2016. 134 Appendix 2: Original Freedom of Information Request Dear Sir or Madam I am writing under the Freedom of Information Act 2000 to request information about breaches of the Data Protection Act 1998 in your police force, specifically I am requesting: 1. The number of a) Police officers and b) civilian employees that have been convicted for breaches of Data Protection Act 1998. 2. The number of a) Police officers and b) civilian employees that have had their employment terminated for breaches of the Data Protection Act 1998. 3. The number of a) Police officers and b) civilian employees that have been disciplined internally for breaches of the Data Protection Act 1998. 4. The number of a) Police officers and b) civilian employees that have resigned during disciplinary procedures 1998. 5. The number of instances where a breach has not led to any disciplinary action. In each case, I request that you provide a list of the offences committed by the individual(s) in question, for example "Accessed personal information for personal interest" or "Inappropriately shared victim information with a third party". I request that the time period covered is 1st June 2011-31st December 2015. I further request that the information be displayed in the following format, I have provided the following examples for clarification: Police/Civilian Outline of what was lost/reported missing/accessed Example: Civilian Police USB stick lost. Example: Police Police laptop stolen. Action taken Data contained criminal/ discipline Employee names, dates First written of birth and warning issued. email addresses. Names of local Suspended residents who from work have reported without pay for a crime. two weeks. Additional responses to rectify loss Additional training given. None - laptop encrypted. My preferred format to receive this information is electronically, but if that is not possible I will accept hard copies. I understand under the Freedom of Information Act that I am entitled to a response within twenty working days. 135 I would be grateful if you could confirm this request in writing as soon as possible. 136 About Big Brother Watch Big Brother Watch was set up to challenge policies that threaten our privacy, freedoms and our civil liberties, and to expose the true scale of the surveillance state. Founded in 2009, we have produced unique research exposing the erosion of civil liberties in the UK, looking at the dramatic expansion of surveillance powers, the growth of the database state and the misuse of personal information. We campaign to give individuals more control over their personal data, and hold to account those who fail to respect our privacy, whether private companies, government departments or local authorities. Protecting individual privacy and defending civil liberties, Big Brother Watch is a campaign group for the digital age. If you are a journalist and you would like to contact Big Brother Watch, including outside office hours, please call +44 (0) 7505 448925 (24hrs). You can also email: info@bigbrotherwatch.org.uk For written enquiries: Big Brother Watch 55 Tufton Street London SW1P 3QL www.bigbrotherwatch.org.uk 137 138