News & community

Data retention laws: Is your data safe in the hands of those who collect and access it?

Data retention laws require telecommunications companies to keep telephone and internet traffic data for a certain period of time, during which it can be accessed by law enforcement and security agencies. For example, in 2015 the Australian Parliament passed the Telecommunications (Interception and Access) Amendment (Data Retention) Act requiring the telecommunications industry to retain a set of metadata for two years, and in 2014 the UK Parliament passed the Data Retention and Investigatory Powers Act.

Much of the concern in regard to data retention laws has centred on what information will be retained (in particular, data or metadata), and who will have access to it and for what purposes. But an equally important issue is this: how safe is our data in the hands of the law enforcement and security agencies who collect and access it?

Against the backdrop of the proposed further strengthening of data retention laws in the UK through the Investigatory Powers Bill, civil liberties organisation Big Brother Watch has published the report Safe in Police hands? How Police Forces suffer 10 data breaches every week and still want more of your data1.

The report reviews UK police records to find that:

  • In the past 5 years there have been 2,315 breaches in police forces, including the following:
    • 869 (38%) instances of inappropriate/unauthorised access to information
    • 877 (38%) instances of inappropriate disclosure of data to third parties.
  • 25 cases involved misuse of the Police National Computer.
  • 1283 (55%) cases resulted in no disciplinary or formal disciplinary action being taken.
  • 297 (13%) cases resulted in either a resignation or dismissal.
  • 70 (3%) cases resulted in a criminal conviction or a caution.
  • 258 (11%) cases resulted in either a written or verbal warning.

In response, Big Brother Watch is pushing for custodial sentences for serious data breaches, arguing that existing penalties are inadequate. Their recommendations are:

  1. The introduction of custodial sentences for serious data breaches.
  2. Where a serious breach is uncovered the individual should be given a criminal record.
  3. The mandatory reporting of a breach that concerns a member of the public.
  4. The removal of Internet Connection Records from the Investigatory Powers Bill.
  5. Adoption of the General Data Protection Regulations.

The General Data Protection Regulation is a proposed new data protection arrangement for the EU, which Big Brother Watch argues the UK should still adopt despite its recent decision to leave the EU.

Reference:

  1. Big Brother Watch. (2016). Safe in Police hands? How Police Forces suffer 10 data breaches every week and still want more of your data. July 2016.

Also published on Medium.

Bruce Boyes

Bruce Boyes is a knowledge management (KM), environmental management, and education thought leader with more than 40 years of experience. As editor and lead writer of the award-winning RealKM Magazine, he has personally written more than 500 articles and published more than 2,000 articles overall, resulting in more than 2 million reader views. With a demonstrated ability to identify and implement innovative solutions to social and ecological complexity, Bruce has successfully completed more than 40 programs, projects, and initiatives including leading complex major programs. His many other career highlights include: leading the KM community KM and Sustainable Development Goals (SDGs) initiative, using agile approaches to oversee the on time and under budget implementation of an award-winning $77.4 million recovery program for one of Australia's most iconic river systems, leading a knowledge strategy process for Australia’s 56 natural resource management (NRM) regional organisations, pioneering collaborative learning and governance approaches to empower communities to sustainably manage landscapes and catchments in the face of complexity, being one of the first to join a new landmark aviation complexity initiative, initiating and teaching two new knowledge management subjects at Shanxi University in China, and writing numerous notable environmental strategies, reports, and other works. Bruce is currently a PhD candidate in the Knowledge, Technology and Innovation Group at Wageningen University and Research, and holds a Master of Environmental Management with Distinction and a Certificate of Technology (Electronics). As well as his work for RealKM Magazine, Bruce currently also teaches in the Beijing Foreign Studies University (BFSU) Certified High-school Pathway (CHP) program in Baotou, Inner Mongolia, China.

Related Articles

Back to top button