In the news

Data retention laws: Is your data safe in the hands of those who collect and access it?

Data retention laws require telecommunications companies to keep telephone and internet traffic data for a certain period of time, during which it can be accessed by law enforcement and security agencies. For example, in 2015 the Australian Parliament passed the Telecommunications (Interception and Access) Amendment (Data Retention) Act requiring the telecommunications industry to retain a set of metadata for two years, and in 2014 the UK Parliament passed the Data Retention and Investigatory Powers Act.

Much of the concern in regard to data retention laws has centred on what information will be retained (in particular, data or metadata), and who will have access to it and for what purposes. But an equally important issue is this: how safe is our data in the hands of the law enforcement and security agencies who collect and access it?

Against the backdrop of the proposed further strengthening of data retention laws in the UK through the Investigatory Powers Bill, civil liberties organisation Big Brother Watch has published the report Safe in Police hands? How Police Forces suffer 10 data breaches every week and still want more of your data1.

The report reviews UK police records to find that:

  • In the past 5 years there have been 2,315 breaches in police forces, including the following:
    • 869 (38%) instances of inappropriate/unauthorised access to information
    • 877 (38%) instances of inappropriate disclosure of data to third parties.
  • 25 cases involved misuse of the Police National Computer.
  • 1283 (55%) cases resulted in no disciplinary or formal disciplinary action being taken.
  • 297 (13%) cases resulted in either a resignation or dismissal.
  • 70 (3%) cases resulted in a criminal conviction or a caution.
  • 258 (11%) cases resulted in either a written or verbal warning.

In response, Big Brother Watch is pushing for custodial sentences for serious data breaches, arguing that existing penalties are inadequate. Their recommendations are:

  1. The introduction of custodial sentences for serious data breaches.
  2. Where a serious breach is uncovered the individual should be given a criminal record.
  3. The mandatory reporting of a breach that concerns a member of the public.
  4. The removal of Internet Connection Records from the Investigatory Powers Bill.
  5. Adoption of the General Data Protection Regulations.

The General Data Protection Regulation is a proposed new data protection arrangement for the EU, which Big Brother Watch argues the UK should still adopt despite its recent decision to leave the EU.

Reference:

  1. Big Brother Watch. (2016). Safe in Police hands? How Police Forces suffer 10 data breaches every week and still want more of your data. July 2016.
Rate this post

Also published on Medium.

Bruce Boyes

Bruce Boyes (www.bruceboyes.info) is editor, lead writer, and a director of the award-winning RealKM Magazine (www.realkm.com), and a knowledge management (KM), environmental management, and project management professional. He is a PhD candidate in the Knowledge, Technology and Innovation Group at Wageningen University and Research, and holds a Master of Environmental Management with Distinction. His expertise and experience includes knowledge management (KM), environmental management, project management, stakeholder engagement, teaching and training, communications, research, and writing and editing. With a demonstrated ability to identify and implement innovative solutions to social and ecological complexity, Bruce's many career highlights include establishing RealKM Magazine as an award-winning resource, using agile and knowledge management approaches to oversee an award-winning $77.4 million western Sydney river recovery program, leading a knowledge strategy process for Australia's 56 natural resource management (NRM) regional organisations, pioneering collaborative learning and governance approaches to support the sustainable management of landscapes and catchments, and initiating and teaching two new knowledge management subjects at Shanxi University in China.

Related Articles

Back to top button