Brian Sims
Editor

ICO issues reprimand to Metropolitan Police Service over file handling

Posted to News on Friday, March 17, 2023 Share:

THE INFORMATION Commissioner’s Office (ICO) has issued a reprimand to the Metropolitan Police Service following several issues identified around the latter’s uploading, amending and deleting of various criminal intelligence files relating to Organised Crime Groups.

The breach is reported to have happened between April-July 2020. It was first identified that a coding issue had occurred on the Police National Database, resulting in a small set of test data being inadvertently introduced to the live system. This caused some files to be rejected. An issue that went unnoticed by the Metropolitan Police Service for a considerable amount of time.

Following this, a second incident was discovered whereby sensitive files that had already been loaded on to the Police National Database were not being updated correctly, again going unnoticed by the Metropolitan Police Service.

Once these two issues had been resolved, the Metropolitan Police Service then discovered that Organised Crime Group records had remained on the system when they should have been deleted.

Despite no records being lost, the incidents did lead to information not being available and not correctly updated or deleted from the database. Consequently, this resulted in the ICO taking action and issuing a reprimand to the Metropolitan Police Service.

Particular importance

Stephen Eckersley, the ICO’s director of investigations, stated: “Dealing with any personal information should be done so with the utmost care. This is of particular importance to the Metropolitan Police Service, which handles sensitive information directly relating to criminal activity.”

Eckersley added: “This reprimand reflects the ICO’s wider powers, including the issuing of reprimands and sharing good practice to encourage greater compliance and empower organisations to use people’s data responsibly.”

The Information Commissioner has recommended that the Metropolitan Police Service should take certain steps to ensure its compliance with data protection law, including the following measures:

*Reviewing how its codebase is managed and looking at better protecting deployment code branches, ensuring code reviews take place before deployment and training staff members in these practices

*Assessing and updating code branches to ensure further protection and to prevent code being inadvertently added to live systems

*Better documenting how code is to be tested, reviewed and deployed in order to establish Best Practices (and, in particular, when this involves software that processes potentially sensitive data)

The ICO is satisfied that the Metropolitan Police Service has complied with the recommendations of the reprimand.

Company Info

WBM

64 High Street, RH19 3DE
East Grinstead
RH19 3DE
UNITED KINGDOM

04478 18 574309

Related Topics
Data
ICO
Information Commissioner's Office
Metropolitan Police Service
Organised Crime Groups
Police National Database
Related Articles
Latest Webinars
Biometric access control: are fingerprint cards the future?
Biometric access control: are fingerprint cards the future?
Bandweaver signposts webinar on optical fiber for perimeter security
Video Surveillance: Exploring New Horizons
Perimeter Intruder Detection Solutions
Related Resources
SentriGuard Key Safe Attack Test by BRE
SentriGuard, a new-generation key management solution
Security Matters Podcast – Episode 30 now live to view
Latest News
Multi-agency law enforcement operation infiltrates ‘LabHost’ fraud platform
Secured Environments status awarded to Paternoster Square
Terrorgram added to list of proscribed terrorist organisations

Login / Sign up