Midgley Corner – if this were the real world, heads would roll

The UK government’s policy of playing fast and loose with personal data – and in the process apparently ignoring its own data protection rules – has taken another turn for the worse with the publication of the report into the ‘misplacing’ of a disk of DNA profiles sent by Dutch authorities in January 2007.

A review by Peter Lewis, chief executive of the Crown Prosecution Service, found the disk
was sent unexpectedly to the CPS – it should have gone to Mutual Legal
Assistance, which deals with international exchanges of police
information and evidence. Instead, it was sent by business post in an envelope addressed to
CPS’s Ludgate Hill office, but not to an individual or even a
department. The disk arrived 29 February 2007. On 2 March a senior manager
noticed the disk and contacted Dutch authorities, who told him the
right lawyer to contact within the CPS.

The review said “By March 2007 the Dutch disk was in the hands of
the lawyer who, although not expecting the disk, was aware of the
background to Operation Thread [as the Anglo-Dutch co-operation was
known], knew what was likely to be contained on the disk and should
have understood its importance to the investigation of crime in the
Netherlands. All that was now required was for the disk to be placed in a safe
or secure cabinet and for contact to be made quickly with the police to
arrange for the secure collection or transfer of the disk. This was a
simple task that could and should have been undertaken immediately.”

But this “simple task” was not carried out. The disk did not get
delivered to the police until almost a year later – January 2008 – and the 2159 DNA profiles from crime scenes were not checked against
the UK database until February 2008. This resulted in 15 matches.
Because of the delay in dealing with the disk, 11 of the 15 suspects
had already gone on to commit further crimes in the UK.

The report gave a brief summary of the disk’s travels, or lack thereof, in that period. The lawyer who had the disk took an unexpected and lengthy leave of
absence in early April 2007. This person did not tell their manager
about the disk. In late April Dutch authorities asked about the disk,
but nothing was done. In August 2007 the CPS searched for the disk and could not find it.
On 14 August the Home Office asked the Dutch if they could pop
another copy in the post. The report notes: “The Dutch Authorities were
more concerned about the whereabouts of the original disk and the
matter was not pursued.” In late October the lawyer returned from leave of absence. The disk was found and police were contacted on 21 November.

The report said: “There followed an almost casual exchange of
correspondence over the next two months… The disk was eventually
collected by NDNADB [National DNA Database] on 11 January 2008. No evidence was found that the disk was copied or ever left the CPS offices.”

The report is circumspect about actual crimes committed as a result
of this failure, because: “A number of individuals who may have felt
they had successfully escaped justice in the Netherlands are now at
risk of arrest and it would be very unfortunate if a fuller reporting
of Operation Thread alerted them to their vulnerability and caused them
to go into hiding, flee the jurisdiction or impede investigations in
the Netherlands.” The report made several recommendations for improving data transfer
in future, but said: “It is essential that understandable concerns
caused by both the delay in executing Operation Thread, and the
uncertainty of its final outcome, do not in any way diminish enthusiasm
for similar exchange agreements with other partner states in the

And, just to prove that any future Tory government will be equally shambolic and cavalier with personal data, during the course of the campaign leading up to yesterday’s by-election in Crewe & Nantwich, a local Tory party official accidentally emailed several Excel spreadsheets
containing details on thousands of voters to radio station Manx Radio,
a local newspaper and another media outlet. The information included
names, addresses and voting intentions for 8,000 people.

The Tory party’s initial response was that this was no big deal as the offending emails “were only seen by a couple of journalists” – although an official subsequently told some media channels that they were not allowed to report this story, because that was the law. (It’s not.) The Information Commissioner’s Office is now investigating the leak.

If these leaks had occurred in the real world, heads would be rolling in all directions, but clearly government agencies and political parties operate in a different reality to the rest of us.