We are drowning in information and starved for knowledge.
― Author Unknown
One of the many advantages of being a member of IODPA is the availability of expert knowledge on a variety of topics, all relevant to police injury pensions.
One way we assist our members is by informing them of their rights as ‘data subjects.’
The term ‘data subject’ refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity. In other words, a data subject is an individual whose personal data can be collected.
In the course of an officer’s career, their force accumulates considerable quantities of information about the individual. In the case of injury-on-duty pensioners that accumulation of data does not stop on their retirement – their force keeps on gathering it.
Trouble is, some forces don’t look after the personal information they acquire.
It is fair to say that data protection law rarely springs to the forefront of injury-on-duty pensioners minds. That is understandable, but when we see that a large and professional organisation, seems to have little knowledge of how the law requires them to manage the huge quantities of data they acquire and store, then we begin to worry.
One such deficient organisation is Staffordshire Police, which has just been shockingly revealed to be in dire need of improving its data handling processes and procedures.
The Information Commissioner’s Office has recently published its Executive Summary of a Data Protection Audit which it conducted of Staffordshire Police. You can read it here.
[pdf-embedder url=”https://iodpa.org/wp-content/uploads/2018/08/staffordshire-police-audit-052018.pdf” width=”600″]
The report concludes Staffordshire Police could provide only limited assurance that,
processes and procedures are in place and delivering data protection compliance.
Moreover, the audit identified,
considerable scope for improvement in existing arrangements to reduce the risk of non-compliance with the DPA.
The ICO report is also critical of Staffordshire Police’s lack of a data protection policies, a lack of awareness of arrangements for sharing information, out of date information about data protection on its web site, failing to advise people about fair processing of personal information, an inability to show that information held was accurate and up to date, no publication scheme covering freedom of information requests and responses, and a low training rate of employees on data protection.
That covers pretty much all of the areas of data protection law, and shows that Staffordshire is failing in all of them.
What this means for injury-on-duty pensioners can be best illustrated by recounting some of the experiences of our members.
We are told of swathes of personal information being lost or destroyed, including important records confirming entitlement to an injury pension.
We are informed of the opposite – of Staffordshire unnecessarily retaining huge quantities of sensitive personal financial and medical information relating to former officers, and in some cases, relating to third parties such as family members.
We hear of long delays in responding to Freedom Of Information Act requests.
We are notified of inaccurate information being held, and of very sensitive personal information being accessed by employees without the permission of the data subject.
The situation is so bleak within Staffordshire Police that some of our members have been compelled to make formal complaints to the Information Commissioner’s Office. It is our understanding that these complaints will reveal even more deficiencies in Staffordshire’s handling of personal information.
The ICO report advises, ‘The matters arising in this report are only those that came to our attention
during the course of the audit and are not necessarily a comprehensive statement of all the areas requiring improvement.’
IODPA believes that Staffordshire is only one of many forces who are failing in respect of data protection.
The Information Commissioner’s Office provides a valuable and important safeguard of injury-on-duty pensioners’ data rights and we applaud the ICO for its work and for bringing the deficiencies of Staffordshire Police into the light of public knowledge. The findings of the ICO’s initial audit are, we hope, a salutary wake-up call to Staffordshire and to all other forces who casually process so much personal information whilst starved of knowledge of data protection law.