Lessons must be learned from the case of Newham Council and its breach of Data Protection laws when sharing a police intelligence list with other agencies.
The council shared details of 203 individuals on the list – which ended up finding their way onto the social media site Snapchat – without protecting key personal details.
These included dates of birth, home addresses, gang associations and whether they were likely to carry a gun or knife.
An investigation by the Information Commissioner’s Office (ICO) found these details – on a database called the ‘Gangs Matrix’ – were then obtained by rival gang members between May and September 2017.
It said a spate of gang violence in the borough of Newham that same year included victims whose details were exposed in the data breach
Despite this, the ICO said it was not possible to say whether there was a causal connection between any individual incidents of violence and the data breach.
The ‘Gangs Matrix’ list was established after the 2011 London riots but has previously been criticised by the ICO for failing to distinguish between victims of crime and offenders.
At Hudgell Solicitors, we are currently representing one of the individuals named on the list which was shared with other agencies by Newham Council.
This was a clear breach of data protection laws which, given the nature of information contained, could have had serious consequences for not only those on the list, but people close to them. It could have put lives at risk.
With regards to our client, the address contained on the list was that of his parents, and for this information to fall into the wrong hands – as it clearly did -was highly worrying, so much so that they had to take extra security measures.
Such lists and information are of course vital for the police and other agencies when tackling serious crime.
However, it is also information which can escalate crime and increase risk if not properly handled and protected, and if it falls into the wrong hands. A situation where it is being shared on social media is frankly a disgrace.
As in many cases we see of data protection breaches, this was a serious but ultimately basic error over email communication.
It is surprising that Newham Council had no policy in place for how employees should handle such sensitive information, and lessons certainly need to be learned with that regard.