More than 900 UK police officers and staff were being subjected to internal disciplinary procedures for breaching the Data Protection Act (DPA) over a three year period.
According to Big Brother Watch, between 2007 and 2010 904 police officers and staff were subjected to internal disciplinary procedures for breaching the DPA. Of these, 243 police officers and staff received criminal convictions for breaching the DPA and 98 police officers and staff had their employment terminated for breaching the act.
The areas with the largest number of officers and police staff subjected to internal disciplinary procedures for DPA breaches since 2007 were: Merseyside (208), West Midlands (83), Humberside (62), South Yorkshire (42) and Northumbria (39).
Daniel Hamilton, director of Big Brother Watch, said: “Our investigation shows that not only have police employees been found to have run background records checks on friends and possible partners, but some have been convicted for passing sensitive information to criminal gangs and drug dealers. This is at best hugely intrusive and at worst, downright dangerous.
“Police forces must adopt a zero tolerance approach to this kind of behaviour. Those found guilty of abusing their position should be sacked on the spot.”
Among the notable cases, in Merseyside 208 police officers and staff received legal cautions for viewing a computer record relating to a high profile arrest; while in Nottinghamshire, a police sergeant was handed a 12-month jail sentence after being convicted of accessing police systems in order to obtain personal data for non-policing purposes.
Mark Fullbrook, director of UK and Ireland at Cyber-Ark, said: “Given all the allegations in the news this week, this report comes at an already challenging time for the police force. It is all the more disappointing that what should be one of the most trustworthy organisations in the country is abusing its privilege to this extent.
“Whether it is satisfying someone's idle curiosity or something more sinister, like providing sensitive information to criminals, data protection is ultimately being breached and privilege is being abused. The police, like any other organisation, have an obligation to protect sensitive information."
Alex Teh, commercial director at Vigil Software, said: "The increases in data breaches within the police have only served to highlight the need for rigorous security processes to protect confidential information. It is absolutely imperative to ensure that the most stringent measures are in place, from access authentication to preventative monitoring and encryption.
"With the introduction of The Police National Database last week, the pressure is mounting to ensure that sensitive data cannot be accessed and leaked through insider or outsider threats. Having created one database in effect means one point of vulnerability and police forces across the UK will now be able to access the database to share intelligence. With this in mind, the risks of an insider breach are heightened and security processes need to be tightened to make certain that confidential data does not fall into the wrong hands.”