The Government data loss thread

Sheila Struthers

Well-known member
Exclusive: Scandal of computer snooping by public servants

THE scandal of dozens of police officers, nurses, social workers, council staff and other public servants caught snooping in the private files of people living in Yorkshire can be revealed for the first time today.
Disciplinary records released to the Yorkshire Post by police forces, NHS trusts and local councils across the region have revealed scores of cases of public workers being caught abusing their positions of trust to look up private information about people they know.

The cases include numerous police officers caught running criminal record checks against ex-partners and family members, a council finance officer in Rotherham found looking up the private details of 72 friends and neighbours, and a doctor in Doncaster caught looking at a colleague's medical records.

At one hospital, in Rotherham, a cleaner was caught only last month accessing the private medical files of a friend to determine that she had recently had an abortion. That disciplinary case is still proceeding.

At another hospital, in Sheffield, a receptionist gathered patients' personal contact records and used them for a second job as a market researcher.

The most worrying pattern of data abuse emerges at the region's four police forces, where by far the most frequent breaches of data protection have taken place.

Humberside Police said 31 members of staff had been disciplined for inappropriately accessing data over recent years, including a CID "serious crime" officer who received a written warning after running criminal record checks on his own nephew.

Other cases at the force included a traffic officer who checked the criminal records of his mother's neighbour after his mother was burgled, and an incident resolution officer who looked up details on his step-daughter's new boyfriend. Only one of the 31 was dismissed.

The force's head of professional standards, Superintendent Ray Higgins, said: "We treat informa tion security very seriously and have a dedicated team of experienced individuals who concentrate on maintaining the integrity and security of our databases."

Neighbouring North Yorkshire Police confirmed 39 cases where staff and officers have been reprimanded over the past 36 months.

Assistant Chief Constable Sue Cross said: "The use of restricted force data systems and email is monitored. This enables the force to identify any non-compliance and to investigate any suspected transgressions. A full range of sanctions are available to deal with the relatively small number of individuals who breach force policies, including verbal advice, written warnings, formal reprimands and, in the most serious cases, dismissal."

South Yorkshire Police detailed 48 cases stretching back to 2005. Most officers involved received warnings or "management advice", but several either resigned or were ordered to do so. West Yorkshire Police said there have been 22 cases of its officers receiving reprimands for inappropriately accessing data, plus a further 26 cases of police staff committing unspecified "misuse of computer offences" over recent years. Two of the officers were asked to resign and another demoted.

The force said these results did not include the written warnings it sent in November to around 70 members of staff who had accessed the criminal records of a TV talent show contestant following a string of lurid allegations about her in the tabloid Press. Meanwhile nine NHS trusts across Yorkshire have revealed mostly isolated cases of staff being reprimanded for similar offences, including primary care trusts in Wakefield and Barnsley, and hospitals trusts in Barnsley, Goole, Mid-Yorkshire, South Tees and Rotherham.

The highest number of cases was at Doncaster and Bassetlaw Hospitals NHS Trust, where six members of staff have been reprimanded over the past three years. However, the trust insisted only three of the cases should be classed as formal disciplinary matters.

In one such case, a nurse accessed the private medical test results of her daughter's father. She was dismissed but reinstated on appeal. In another, a clerk received a written warning after looking up her brother's test results.

A spokeswoman for the trust said: "We take data security very seriously and have a number of means of ensuring that patients' personal data is not accessed inappropriately. All six cases of inappropriate access to medical records related to an individual's colleague, partner, or relative – and while this is inexcusable, it does not indicate misuse of the millions of patient records we hold."

There were five cases at Sheffield Teaching Hospitals Trust, ranging from the relatively innocent – a staff member wanting to send a birthday card to a sick relative, and checking which hospital ward they were on – to the sinister, as in the case of staff member accessing the medical records of an ex-partner's new partner. Three of the staff members involved received final warnings, and two were dismissed.

And seven of Yorkshire's 22 local councils have admitted staff have been caught inappropriately accessing data about members of the public over the past three years.

These included two at Wakefield Council who looked up information on family members – one of whom was fired – and two at Doncaster Council, including one who looked up details on an ex-partner. There were also isolated cases among staff at Hull, North Yorkshire, North-East Lincolnshire and Kirklees Councils.

At Rotherham Borough Council, two staff members were caught committing offences, including an audit and finance officer who resigned after being caught accessing the records of 72 neighbours out of "personal curiosity".

A spokeswoman said the authority took such incidents "very seriously indeed" and "acts immediately". She added: "Fortunately, this situation is quite rare. The breach of these codes of conduct has only arisen twice in the past three years and neither was done for malicious reasons – simply that the officers went above and beyond their individual duties."
One of the most serious aspects of all of these cases is that the relevant authorities only shed crocodile tears when they should have sacked the offenders on the spot.
We might have a lot fewer cases if the culprits knew they would be automatically dismissed.
Tip of the iceberg - Think on how many do it and don't get caught? - And then there's those that go unknown by way of the old pals piss in the same pot act -

Elaine Kirk

Super Moderator
Police child abuse tapes 'found at Glasgow bus station'

From the BBC
An investigation has been launched into allegations that confidential police tapes were found at a Glasgow bus station.

It is reported the tapes showed a little girl telling officers about alleged child abuse.

The Daily Record said the tapes were delivered to its office by someone who claimed to have found them at Buchanan Bus Station in the city centre.

Newspaper staff then handed them to police.

Strathclyde Police confirmed it had launched an inquiry into the incident.

Det Ch Supt Russell Dunn, of the force's public protection unit, told the newspaper they would be treating the matter "very seriously".

The newspaper said the tape showed the six-year-old's harrowing police interview in which she described an alleged drunken assault by her father on her three-year-old brother.

Senior Strathclyde Police officers told the paper they were unsure if the tapes had been lost or stolen.

The paper said the family had been contacted by police and offered an unreserved apology for the breach of privacy.


Tayside Police officer admits leaking sensitive data

Tayside Police officer admits leaking sensitive data

A police officer has admitted leaking sensitive information to her lover who then tipped off a suspect in a criminal investigation.

Police constable Karen Howie, 34, who is married to another officer, has since resigned from Tayside Police.

She admitted two charges of perverting the course of justice at Dundee Sheriff Court.

Her co-accused, Neil Hand, 44, admitted one charge under the Data Protection Act. Both will be sentenced later.
A spokeswoman for Tayside Police said:

"Tayside Police is entrusted to safeguard personal and confidential information about people in contact with us.

"We value the trust the public have in us and where our staff betray that trust we will vigorously investigate and report such matters for consideration of prosecution."
By which time the sometimes irreparable damage has already been done.


Ealing Council and Hounslow Council fined by ICO – Unencrypted Laptops

Here we go again. Thanks to Stu of ConsiderIT for tweeting it to my attention.

Ealing Council and Hounslow Council fined by ICO – Unencrypted Laptops

Ealing Council – FINED £80,000
Hounslow Council – FINED £70,000
That's taxpayers'money going out of these boroughs into a black hole.

The ICO issued Ealing Council with an £80,000 penalty explaining that it breached the Data Protection Act by issuing an unencrypted laptop to a member of staff in breach of its own policies. This method of working has scarily been in place for several years and there were insufficient checks that relevant policies were being followed or understood by staff.

Hounslow Council breached the Data Protection Act by failing to have a written contract in place with Ealing Council. Hounslow failed to also monitor Ealing Council’s procedures for operating the service securely.
Too little, too late as usual.
I have never seen the point of fining public bodies because, as Ali says, the money disappears into some black hole or other. It would be much more effective if the responsible officials were fined personally and given a year or two of community service to do.


Seems ludicrous, doesn't it, Earthtracer? If the public body is fined who pays the fine? The people who fund the public body. Us, in effect.


Sheila Struthers

Well-known member
Immigration officer sacked for putting wife he didn't like on terror watch list Read

An immigration officer put his own wife on a terrorist watch list – *so she could not get home from a trip to Pakistan.

The officer was so sick of his partner that when she was visiting family overseas he added her name to the register of people banned from flights into the UK.

When she went to the airport to get her return flight back, officials told her she could not board the plane and did not *explain why.

She called her husband, who *promised to look into it – but left her stuck in Pakistan for THREE YEARS. He was sacked after bosses found out about his antics.

An immigration source said: “A lot of people may dislike their other halves but to do this takes it to the next level. Needless to say she was confused when she got to the airport as she had never been involved in anything criminal or terrorist related.

Elaine Kirk

Super Moderator

University of York in student data breach on website
from the
An investigation has begun at the University of York after personal data of 148 students was published.

Information including the students' mobile phone numbers, addresses and A-level results was made available.

The information could be accessed on a student inquiry page on the university's website.

In a statement, the university said it had "taken immediate action to rectify this problem" and had apologised to all those students affected.

Legal action
Following the breach of data last week, the university said a review of its security systems was under way.

The statement, signed by Registrar Dr David Duncan, said: "We are also investigating all procedures and management systems and will undertake a thorough review of our data security arrangements.

"The Information Commissioner has been informed.

Sheila Struthers

Well-known member
School escapes fine after YouTube gaffe
The UK's privacy watchdog has investigated a school in Wales after a teacher posted the name, address, phone number and behaviour record of a pupil on YouTube.

The Information Commissioner's Office (ICO) took action when it received a complaint that Eirias High School in Colwyn Bay had uploaded the student's information on to the video-sharing website as part of a training film for staff.

The school was fortunate to escape with a slap on the wrist as the privacy watchdog has the power to issue fines of up to £500,000 for contravening data-protection laws.

The three-minute video was uploaded by Eirias High to show teachers how to record bad behaviour and bullying, using the school's internal computer system.

A running commentary accompanied the film, which showed the confidential record of an 11-year-old pupil being opened. It stated that the boy was well known for his poor behaviour while displaying all of his personal information, including mobile phone number and home address.


NHS security breach as patients' letters posted with security codes on envelopes

H/T Maire and Jill via Facebook.

NHS security breach as patients' letters posted with security codes on envelopes

At least 216 letters have been posted with security codes for door entry and key safe boxes printed on the front of the envelopes.

The confidential information is used by carers and nurses to gain entry to immobile patients’ homes.

But it was wrongly added to records on the Personal Demographic Service, part of the NHS “Spine” database that holds the contact details of every patient in England, and then put onto address labels when letters were sent out.
A Department of Health spokesman said: "We have been made aware that in a number of cases additional information about addresses has been stored inappropriately on the Personal Demographic Service.

“We have no evidence this had led to security breaches. We are currently investigating and will take action as necessary.”
Reassuring, isn't it?
Where is the bringing to account is what I would like to know? It just goes on and on and nothing seems to happen to rectify the situation. Seems like idiots get away with being idiots and are being paid for being idiots!