The Big Brother Watch, a body which campaigns against intrusions on privacy, has published a report highlighting the extent of police abuse of the Data Protection Act.
The findings highlight huge breaches of the Data Protection Act between 2007 – 2010, including police officers and staff running background checks on friends and possible partners, as well as some passing sensitive information on to criminal gangs and drug dealers. In total, 904 police officers and staff were subjected to internal disciplinary hearings for breaches of the Data Protection Act, 243 received criminal convictions for breaking the law, and 98 had their employment terminated within this period.
Mark Fullbrook, Director, UK and Ireland at Privileged Identity Management expert Cyber-Ark, has said the following:
“Given all the allegations in the news this week, this report comes at an already challenging time for the police force. It is all the more disappointing that what should be one of the most trustworthy organisations in the country is abusing its privilege to this extent. Whether it is satisfying someone’s idle curiosity or something more sinister, like providing sensitive information to criminals, data protection is ultimately being breached and privilege is being abused.
“Big Brother Watch’s findings reflect a problem that all organisations face, one that is sadly not uncommon. Indeed, recent Cyber-Ark research found that 44% of IT staff in EMEA admitted to accessing information irrelevant to their job, and 31% said that they, or a peer, had used administrative passwords to gain access to confidential or sensitive data**.
“The police, like any other organisation, has an obligation to protect sensitive information. In order to help achieve this, all companies must put in place technologies that have a comprehensive overview of privileged access, which logs and monitors all sessions and activities. In addition, as reports continue to surface of other individuals repeatedly abusing their position to access sensitive information, there clearly remains a real need to educate staff on the importance of data protection and the responsibility that comes with privilege.”