FoI request reveals hundreds of potential cases of internal data misuse in the UK police sector
Nearly 800 reported incidents in less than 16 months, with 34 UK police forces taking steps to improve monitoring systems
London, 26 July 2017 – UK police forces detected and investigated at least 779 cases of potential misuse of data by personnel between January 1st 2016 and April 10th 2017 according to a Freedom of Information (FOI) request by Huntsman Security. Despite the high number of cases, the request also revealed that forces are actively following recommendations to address this issue.
34 forces across the UK confirmed that they have implemented plans to ensure they have the capability and capacity required to seek intelligence on potential abuse of authority by staff. For all but one of the forces, those plans include monitoring IT systems to ensure they aren’t being accessed or used for unethical purposes. The findings come in the wake of the PEEL: Police Legitimacy 2016 report, which found that forces needed to do more to investigate and prevent staff abuse of IT systems and sensitive personal data, in order to protect the legitimacy of, and trust in, the police.
“Public trust and legitimacy is critical for the police: without these, a modern police force risks losing the confidence of the people it aims to serve,” said Peter Woollacott, CEO, Huntsman Security. “If there is any prospect of the safety and security of information being at risk, then every action should be taken to safeguard it before damage is done. The PEEL report highlighted that forces cannot rely on abuses being reported.
Implementing systems that don’t themselves intrude on privacy, but can identify when someone is accessing data that they shouldn’t be, is a good way for forces to ensure all personnel are behaving in an ethical manner when it comes to sensitive data.”
Published in January 2017, the PEEL report investigated whether police forces and personnel were treating their privileged status ethically, and how this affected their legitimacy. The investigation reviewed issues such as whether personnel were accessing and abusing forces’ stored personal data – and found more than a third (37%) of forces ‘required improvement’. The report stated that ‘many [forces] need to improve their ability to seek out intelligence’ on the subject, rather than waiting for complaints from members of the public or within the organisation.
Compared to 603 investigations taking place in 2016, there were 176 in the first 100 days of 2017. As some forces were unable to reveal the number of cases in 2017 due to on-going investigations, it is likely that the true figure will be higher. Given that one of the recommendations from the PEEL report was the implementation of better monitoring systems, the hope is that police forces will continue to become more adept at identifying misuse of systems and applications.
“The fact that so many potential cases were reported shows that this is still a serious problem. However, it is very encouraging to see forces taking concrete steps to address the issue,” continued Woollacott. “These statistics underline just how complicated data protection really is. Regardless of whether they are a police force or a pension fund, all organisations need to make sure that their data is being stored and used correctly by all personnel. Critically, they need to be able to continuously monitor to ensure that this is the case.”
About the Freedom of Information Request:
Huntsman Security contacted 45 police forces across the UK. Ten forces did not respond, while one responded but did not provide any information.
About Huntsman Security
Huntsman Security pioneered intelligent enterprise and cyber security with its landmark platform, Huntsman® Enterprise SIEM, incorporating Behaviour Anomaly Detection (BAD). The Huntsman Analyst Portal® adds a whole new level of intelligence to automated incident response and the threat resolution process. Huntsman® patented key aspects of BAD to detect anomalies in real time and so provides early warning of cyber threats, data leakage, malware and fraud. Huntsman® is a defence-grade cyber security platform which includes threat detection, security analytics and incident resolution. Huntsman® is deployed in central government, finance and infrastructure environments in the UK, Japan and Australia. See www.huntsmansecurity.com.
Huntsman Security Media Contact
Dominic Walsh l https://huntsmanphp7.flywheelsites.com | +44 (0) 845 222 2010 l 020 7436 0420 | firstname.lastname@example.org l @tier3huntsman