data protection

The ICO Audits Staffordshire Police

The ICO Audits Staffordshire Police

We are drowning in information and starved for knowledge.

― Author Unknown

 

One of the many advantages of being a member of IODPA is the availability of expert knowledge on a variety of topics, all relevant to police injury pensions.

One way we assist our members is by informing them of their rights as ‘data subjects.’

The term ‘data subject’ refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity. In other words, a data subject is an individual whose personal data can be collected.

In the course of an officer’s career, their force accumulates considerable quantities of information about the individual. In the case of injury-on-duty pensioners that accumulation of data does not stop on their retirement – their force keeps on gathering it.

Trouble is, some forces don’t look after the personal information they acquire.

It is fair to say that data protection law rarely springs to the forefront of injury-on-duty pensioners minds. That is understandable, but when we see that a large and professional organisation, seems to have little knowledge of how the law requires them to manage the huge quantities of data they acquire and store, then we begin to worry.

One such deficient organisation is Staffordshire Police, which has just been shockingly revealed to be in dire need of improving its data handling processes and procedures.

The Information Commissioner’s Office has recently published its Executive Summary of a Data Protection Audit which it conducted of Staffordshire Police. You can read it here.

staffordshire-police-audit-052018

 

The report concludes Staffordshire Police could provide only limited assurance that,

processes and procedures are in place and delivering data protection compliance.

Moreover, the audit identified,

considerable scope for improvement in existing arrangements to reduce the risk of non-compliance with the DPA.

The ICO report is also critical of Staffordshire Police’s lack of a data protection policies, a lack of awareness of arrangements for sharing information, out of date information about data protection on its web site, failing to advise people about fair processing of personal information, an inability to show that information held was accurate and up to date, no publication scheme covering freedom of information requests and responses, and a low training rate of employees on data protection.

That covers pretty much all of the areas of data protection law, and shows that Staffordshire is failing in all of them.

What this means for injury-on-duty pensioners can be best illustrated by recounting some of the experiences of our members.

We are told of swathes of personal information being lost or destroyed, including important records confirming entitlement to an injury pension.

We are informed of the opposite – of Staffordshire unnecessarily retaining huge quantities of sensitive personal financial and medical information relating to former officers, and in some cases, relating to third parties such as family members.

We hear of long delays in responding to Freedom Of Information Act requests.

We are notified of inaccurate information being held, and of very sensitive personal information being accessed by employees without the permission of the data subject.

 

The situation is so bleak within Staffordshire Police that some of our members have been compelled to make formal complaints to the Information Commissioner’s Office. It is our understanding that these complaints will reveal even more deficiencies in Staffordshire’s handling of personal information.

The ICO report advises, ‘The matters arising in this report are only those that came to our attention
during the course of the audit and are not necessarily a comprehensive statement of all the areas requiring improvement.’

IODPA believes that Staffordshire is only one of many forces who are failing in respect of data protection.

The Information Commissioner’s Office provides a valuable and important safeguard of injury-on-duty pensioners’ data rights and we applaud the ICO for its work and for bringing the deficiencies of Staffordshire Police into the light of public knowledge. The findings of the ICO’s initial audit are, we hope, a salutary wake-up call to Staffordshire and to all other forces who casually process so much personal information whilst starved of knowledge of data protection law.

More ICO advice for Northumbria Police

More ICO advice for Northumbria Police

Another interesting development regarding the use of injured pensioners data by Northumbria Police and complaints that have been made to the Information Commissioners Office (‘ICO’).

IODPA believe that a number of police pensioners have made similar complaints regarding their former force attempting to coerce them to hand over their private and sensitive data (medical notes).

Many of them have taken the step to complain to the ICO, who have now issued advice to them.

The complaints have been centred around consent being freely given when considering releasing medical notes, the retention of medical notes and Subject Access Requests. The upshot is, that it is “unlikely that NP are complying with the first principal of the Data Protection Act”, which states that personal data should be processed fairly and lawfully.

Please note, this is advice from the ICO as opposed to a formal decision notice and it is for individuals. We would imagine that the ICO would come to the same conclusion for any pensioner with a similar complaint, regardless of force.

Of course this is not the first time that the ICO have provide advice in relation to Northumbria Police – https://iodpa.org/2017/11/24/northumbria-police-federation-wins-ico-advice-notice/

If you believe your data is being processed unfairly, please get in touch with the ICO – https://ico.org.uk/

 

Nothumbria - ICO advice

 

Northumbria Police Federation Wins ICO Advice Notice

Northumbria Police Federation Wins ICO Advice Notice

Inspector Adrian Smiles, a Northumbria Police officer, and vice chairman of the Northumbria Police Federation has asked the ICO to rule on the matter of demanding full medical records from birth.

The artificially high, SMP imposed,  glass ceiling of a PPA’s definition of attendance has been smashed and put beyond doubt by the Information Commissioner in the declaration that such demands of personal and sensitive data is excessive and a breach of the Data Protection Act.

1 ICO DECISION RE NORTHUMBRIA 10.11.17

 

 

The Protection of Personal Data & The Sad Story of “Z”

The Protection of Personal Data & The Sad Story of “Z”

“If I maintain my silence about my secret it is my prisoner…if I let it slip from my tongue, I am ITs prisoner.”
Arthur Schopenhauer

One important aspect of privacy is recognised in common law – that of the confidentiality of medical information.   Patients should be free of the fear that they will be harmed by disclosure of clinical information as a result of engaging with a doctor.

In the UK there are various statutes and statutory instruments that require doctors to reveal information, which would otherwise be considered confidential. For example the reporting of notifiable diseases (Public Health Control of Diseases Act 1984) or notification of terminations of pregnancy (Abortion Regulations, 1991).  The Abortion Regulations provides a good example of the clarity given to the subject’s protections when medical information has to be disclosed, its section 5 specifically refers to the restrictions placed on disclosure of information.   There are ten parts to this section that explicitly spells out the limited remit of any information disclosed to the Chief Medical Officer and his delegates relating to abortions and the narrow window that it can be processed.

It is by no accident then, that the Police (Injury) Benefit Regulations (PIBR) does not reference at all the words ‘medical records’ or ‘medical notes’.  Given this fact, that no mention of the limitations of disclosure is made, such as you’ll read in the Abortion Regulations, it is clear that there is no requirement for disclosure in the first place!

There is also no implied obligation to do so because it would involve the state asserting an unqualified right to inspect confidential medical records.

Think on this for a second:  There is only one small sample of the UK populace who is frequently threatened to disclose all and every piece of medical information ever written about them in their entire life on a whim of a non-medical HR agent working for a police force.  Fail to acquiesce and a HR minion will terrorise a disabled former police officer by saying they will stop the injury award that person receives.

Everyone else in the UK is protected from such a menace – but the HR minion authoring the threats blithely continues onwards without pause.

Bureaucrats such as the medical retirement officer from Merseyside police demands full medical records from birth, ignorant (or not caring) that a request for such medical records isn’t mandated by any law.  If the former officer is female, the fact that these medical records may contain records of an abortion and therefore protected by the statutory instrument mentioned above, is criminally overlooked by the officious functionary.

When a statutory instrument calls for medical information, this is what you’ll find:

“A notice given or any information furnished to a Chief Medical Officer in pursuance of these Regulations shall not be disclosed except that disclosure may be made…[]”STATUTORY INSTRUMENTS 1991 No. 499 MEDICAL PROFESSION The Abortion Regulations 1991

Their ignorance is beyond comprehension.  In reality everyone, those with injury awards included, also have protections under the Human Rights legislation.

Don’t take our word for it.  Just listen to the European Court of Human Rights (ECHR).

It will not surprise our constant readers that the European court found that domestic law must afford appropriate safeguards to prevent any such communication or disclosure of personal health data as may be inconsistent with the guarantees in Article 8 of the Convention.

In other words there has to be effective and adequate safeguards against the possibility that either irrelevant or medically inaccurate information recorded would be re-circulated and used out of its original context to the prejudice of the person.  Such safeguards as exampled in the UK Abortion Regulations!

Before we go on an exploration of a judgement made by the European Court of Human Rights it’s worth saying first that Brexit will not change anything about the point we will make here.

The ECHR is not part of the EU and will not change on Brexit as it is completely separate from the EU.  The ECHR was drafted in the aftermath of the Second World War and adopted by the Council of Europe in 1950. It was incorporated into UK law through the Human Rights Act 1998.  Arguably, the Great Repeal Bill, which will become an Act in 2019 or 2020, will do quite the opposite of repealing anything: although the Bill will remove the 1972 European Communities Act (ECA), which gives EU law authority, first it will adopt EU law lock stock and barrel into UK law

OK.  Proviso dealt with.

We are going to talk about what the ECHR thinks of “The State” using it’s authority to demand things of it’s citizens – specifically personal data.

In 1997 “Z” applied to the European Court of Human Rights alleging that her right to privacy under the Convention was violated when her HIV status was disclosed by the media during her husband’s criminal trial.

Z v. FINLAND – 22009/93 – Chamber Judgment [1997] ECHR 10 (25 February 1997)

You are here: BAILII >> Databases >> European Court of Human Rights >> Z v. FINLAND – 22009/93 – Chamber Judgment [1997] ECHR 10 (25 February 1997) URL: http://www.bailii.org/eu/cases/ECHR/1997/10.html Cite as: 25 EHRR 371, (1999) 45 BMLR 107, [1997] ECHR 10, (1998) 25 EHRR 371


This ECHR case turned on issues of privacy as Z was the applicant complaining that Finland’s legal system had not protected her privacy rights under Article 8 of the European Convention on Human Rights throughout the process.

The Finnish police tried to investigate when X, the spouse of Z, became HIV positive to prove an attempted manslaughter charge against X;  subsequent to the victims being raped by X.   At the 1993 manslaughter hearing, Z’s doctor was called as a prosecution witness and told the court about Z’s medical history, specifically a blood test taken from Z three years earlier.   Z also took the witness stand and told the court that she had not been infected with HIV by X.

All the medical records of Z were seized by the Finnish police who added them all to items of evidence in the case files.  These records comprised some thirty documents.  Such seizure would be unlawful in the UK by virtue of the Police and Criminal Evidence Act 1984 (PACE)*.

*PACE Sections 8 and 9 and schedule 1 (see R v. Central Criminal Court ex parte Brown (1992) TLR Sept 7th) in the absence of agreement by those holding the records the police have no powers to seize or have access to ‘documentary and other records’.

X was convicted of attempted manslaughter for the three rapes he committed in 1992 and solely rape for the offence committed in 1991.   The court sentenced X to seven years imprisonment and decreed that the reasoning and case files (including Z’s medical records) should be kept confidential for a decade.

Just after the first trial a leading national newspaper reported the seizing of Z’s medical records under the headline “Prosecutor obtains medical records of wife of man accused of HIV rape”.  The article published the first name and family name of Z.

In December 1993 the convictions were upheld by Finland’s Court of Appeal.  Further, the 1991 rape as well as newly introduced 1992 rape charge was now judged to have been attempted manslaughter.  The reasoning was released to the media.  It contained a passage where Z was named as a carrier of HIV and that as the wife of X, this gave X reasonable suspicion to think he was also infected.  In any case, the Court of Appeal sentenced X to a further four years.

The media again published identifiable information of both Z and X after the Court of Appeal sent the decision by fax on the day the hearing was concluded to several newspapers.

Under Finnish law, the Court of Appeal had the power to omit any identifiers of individuals in their judgements.  The ECHR heard whether the Court of Appeal was justified to release the disclosure of Z’s identity and HIV status in the Court of Appeal’s judgement made available to the press.

It was explained to the ECHR that X’s lawyers had petitioned for the confidentially order of a decade to be extended and that Z remained anonymous.  The Court of Appeal had paid no heed.

The EHCR ruled that the publication of Z’s identity and medical condition was not supported by any cogent reasons and accordingly the publication gave rise to a violation of Z’s right to respect for her family and private life as guaranteed by Article 8.  The EHCR also made a ruling on the special nature of medical data:

In this connection, the Court will take into account that the protection of personal data, not least medical data, is of fundamental importance to a person’s enjoyment of his or her right to respect for private and family life as guaranteed by Article 8 of the Convention (art. 8).

The court made it clear that health data has a special preeminence:

Respecting the confidentiality of health data is a vital principle in the legal systems of all the Contracting Parties to the Convention. It is crucial not only to respect the sense of privacy of a patient but also to preserve his or her confidence in the medical profession and in the health services in general.

We are fortunate in the UK.   Existing primary legislation such as PACE, Access to Medical Reports Act and the Data Protection Act ‘should‘ prevent medical records floating around so many of the case file bundles as happened in the case of Z.

Would the story of Z reached the ECHR if not for the media leak?  Perhaps, perhaps not.  But that’s not the point.  The point is, once medical records are ‘released into the wild‘ the subject loses control over them.

Clearly UK lawmakers know this and that is why the Abortion Regulations puts safeguards on such sensitive medical information.  The ECHR ruled that medical information needs unrivalled protection and that is why the PIBR, as a similar statutory instrument, does not call for medical records by not referencing them and by not implementing safeguards on any, HR or SMP invented, ‘implied disclosure’.

When a HR minion demands full medical records from birth there is always a possibility that your medical records will fall into the hands of those not entitled to access them.  And as a consequence the material is misused.  The story of Z is an extreme case but the Finnish Court of Appeal still made a massive mistake that potentially can be repeated if medical records aren’t treated as the most sensitive and confidential of all personal documentation and never disclosed in full just because a SMP wants to see the “whole picture”.

Are you sufficiently confident that the Finnish Court of Appeal is more incompetent than the Occupational Health unit of a police service you used to serve with?  And that your own confidential data couldn’t be used in untoward processing?  Do you know whether your medical data relates to any 3rd party?

Murphy’s law comes into play here.  The adage that is typically stated as: Anything that can go wrong, will go wrong.  No public organisation is beyond making the same mistake as one of the highest Finnish court.  Indeed, given how often police HR departments cock things up and the frequency that the Police Injury Benefit Regulations are contravened there is a much higher probability that the HR department could lose and misuse such sensitive medical data.

Talking about the original ten year confidentially order (breached by the Court of Appeal) the EHCR stated plainly that:

the interference with the applicant’s private and family life which the contested orders entailed was thus subjected to important limitations and was accompanied by effective and adequate safeguards against abuse

We’ll repeat this again: There are no limitations and there are no safeguards provided by the Police Injury Benefit Regulations in relation to confidential medical records.  Why?  Because there is no mention of confidential medical records in the Regulations.

A police force asks for full medical records from birth because their default position is that the injury award grant was wrong.  And they want their double jeopardy.  They want to reduce their financial commitment and will gladly look for a medical incident when you were 11 years old to justify their malevolence.

Case law is quite clear in this matter.  Pollard, Turner and Laws all state the last decision is final.  There is no right for them to have any medical records.  The clock cannot be ‘turned back’.

Tell them this and refer them to this blog if the HR minion disagrees.

How would the HR minion react if they themselves, or close family members, were victims of such bullying and bureaucratic blundering?  You would hear their personal outcries of injustice in their own reaction to a public authority, decades after their own retirement, sending a missive demanding disclosure to their own full medical history.

Best they realise now that following ‘orders’ gives them no protection.  They should think very carefully before signing letters demanding things they have no legal justification to demand.

 

 

 

 

 

 

 

Redacted/Unredacted

Redacted/Unredacted

“And above all, watch with glittering eyes the whole world around you because the greatest secrets are always hidden in the most unlikely places. Those who don’t believe in magic will never find it.”
Roald Dahl

Here’s the reality. This blog and the examples of institutional corruption we are highlighting  against medically-retired former police officers – and likely, those who are both vulnerable and mentally fragile – is part of the large-scale abuse of those with injury awards in this country. To an abuser who likes power and control, a disability is perfect.  The adversary to power and control is exposure.

Exposure can be denied.  So when is something off-limits and how can a public body hide disclosure under the Freedom Of Information Act?  The Freedom of Information Act in the UK does have some limits on disclosure. One method to comply with the act whilst meeting these limits is supplying material in a censored or “redacted” format.

Often you have to take the word of the public body that the redaction has been applied correctly. So when you have both the redacted and un-redacted versions of minutes from the same Avon & Somerset meetings – all of which are concerning their administration (or should that read maladministration) of injury awards – it’s evident that taking this word at face value is a mistake.

Now that these minutes are in the public domain you have the opportunity to decide whether their redaction was legitimate.

Before we get there, let us just discuss redaction.  In this method, a document is made available but with some text removed (often literally with a black marker pen). In the most straightforward cases, this may be just removing the names of junior officials or office staff, usually for privacy reasons.

It’s understandable when  redacted information constitutes personal data, and the public body would be in breach of the Data Protection Act if it were to put such information into the public domain.

But in other cases, large amounts of text are illicitly removed so that documents are almost unreadable and the information value is minimal – for no other reason than they’ll rather you not see it.

This redaction technique is abused so that certain nincompoops can deliberately leave no trace of their decision-making process within the public body they serve.

Strangely enough, such cretins seem to pop up in the administration of injury awards.

Can the disclosure of un-redacted meeting minutes really be prejudicial to the effective conduct of public affairs?  What happens if the public affairs being minuted involves evidence of Malfeasance in a public office, or official misconduct?

Redaction does not give officials an excuse to cover-up the commissioning of their unlawful acts, done in an official capacity, which affects the legitimate performance of true official duties.

It is both highly disturbing and in the public interest to discover an official policy tasked to look at the medical files relating to every individual who was medically retired by a certain deceased police surgeon (employed by Avon & Somerset police between 1972 and 2006), to ascertain if such medical retirement was in their ‘view’ unlawful/illegal.  Especially as this doctor is at the epicentre of an ongoing historical sexual abuse inquiry named Operation Hay.

Potential victims – all who served as police officers – now are suffering the ignominy of a small number of devious employees within Avon & Somerset Police digging through (and without any consent to process) sensitive personal and medical data relating to their injury awards.  In other words, a shadow investigation exists – running parallel to a major criminal inquiry – with the sordid misapprehension that every decision made by this police surgeon (employed by this force for over 30 years) is now open to be revisited.

Isn’t it absolutely abhorrent that the force chooses to investigate only the things relating to their mania to reduce injury awards and seemingly they are in no hurry to question the blood tests of convicted drunk drivers, rape cases or assaults this police surgeon helped to convict?

The IPCC is currently looking into allegations that when a number of officers – likely the same people whose medical files retained by this force are now being ferreted by Dr David Bulpitt –  came forward on separate occasions throughout the 1990s to complain about Dr Bunting, those complaints were not properly investigated by the force.  In other words, whilst the IPCC’s investigates the Operation Hay cover-up the same force is conspiring against the victims whose complaints were brushed aside.

Here are a few choice sentences that the eager redaction gremlins working in A&S attempted to hide from Freedom Of Information disclosure of the minutes of an Avon & Somerset injury award liaison group meeting.  Redaction that we’ve recovered (hence the slightly different font) that tried to hide that Dr David Bulpitt, the current force medical advisor, has been tasked with the thorough inspection of the files of potential victims.

DBu [David Bulpitt] to review all individuals’ records identified through Op Hay to ascertain which Dr awarded their band or undertook a review of a band given.Avon & Somerset OH Review meeting 23rd October 2015 action log

And

During the course of conversations it became clear that there were some concerns around why certain awards may have been made by the Dr in post at the time. It was agreed that DBu would review all of the names that are on the Op Hay list to see if they had been given an illegal/incorrect award as a result of being seen by the individual who is currently subject of an investigation.Avon & Somerset OH Review meeting 23rd October 2015 Minutes

Of course, A&S do not want the public to know this as it contrary to the law for them, in any way imaginable, to try to revisit old statutory decisions – so they take the black marker to it and redact it all in an attempt to cover it up.

Fortunately for the public good, there is an un-redacted version in the public domain.  The left side shows what happens when you give a black permanent marker to crazed scribblings of an over-enthusiastic denier of public disclosure:

Redacted Un-redacted
minutes-23rd-october-2015-before minutes-23rd-october-2015-after
 Raw & Unformated Version

Click on the image and a new tab will show the disclosure in it’s entirety.  You can use the arrows in the bottom right to toggle to the page two for those with multiple pages.pdf-next-page
We now also get to see evidence that legal services has finally accepted that the GMC enforces that every individual seen by a SMP is a patient of that SMP.

DJ [Daniel Johnson] indicated that due to the information forward to Legal Services from DBu [Dr David Bulpitt] they now had a much clearer understanding of the difficulties being experienced as a result of the GMC indicating that each individual under the review is classified as being a patientAvon & Somerset OH Review meeting 23rd October 2015 Minutes

That each and every person seen by a Selected Medical Practitioner (the prerequisite of such being GMC registration) is their patient is fact – after all it is a medical question – but they want to censure that they now accept it.  We’ve been trying to tell them this for years: the GMC guidance is unambiguous:

The first duty of a doctor registered with the GMC is to make the care of their patient their first concern. The term ‘patient’ in this guidance also refers to employees, clients, athletes and anyone else whose personal information you hold or have access to, whether or not you care for them in a traditional therapeutic relationship.
GMC Confidentiality: disclosing information for insurance, employment and similar purposes

So why is it redacted?  Could it be because it proves their position wrong perhaps.

They also decided to retract information about Operation Hay, as mentioned above, and they talk about the implied threat that legal services are going to put in the letter about suspending an injury award when consent to medical information is withdrawn.

This leads us to the ‘action log’ from the same meeting.  They redacted the recorded statement that their lawyer, Daniel Johnson, stated that such suspension is unlawful but, as an aside, they’ll still write a letter dripping with a purely heinous form of blackmail, that will be sent out to imply an unlawful thing will be actually be carried out.

Were these threatening letters actually sent out?  Perhaps they were, and the poor recipient capitulated to a threat with menaces.  Ironically, to acquiesce to such blackmail usually results in a ‘gun for hire’ SMP applying apportionment or some unlawful earnings assessment to reduce the injury award; see the predicament the former officer faces? – they are truly damned if they don’t and then damned anyway.

If anyone reading this has received such a letter, then they are advised to seek counsel with a specialist solicitor.

Looking behind the black permanent marker and you see this:

DJ advised the Pension Authority that when sending out letters to individuals who have withdrawn consent that a reduction in banding given can only be implied as you cannot predetermine and outcome if release is not madeAction Log 23rd October 2015

So far they have obviously redacted the truths that we have been shouting for a while, but few in a position of power believed – the truth that they manipulate the law for their own ends.

Here is the action log for the 23/10/2015 meeting in its ingloriously malignant splendour:

Redacted Un-redacted
action-log-23rd-october-2015-before action-log-23rd-october-2015-after
 Raw & Unformated Version

Rather than try to hide it by redacting, the stuff found within shouldn’t have been thought, said nor written in the first place.

What else have these deviants been up to?

The 1st of March minutes has a section redacted that mentions reviewing people without passing the medical question to the SMP. On it’s own, this isn’t too aberrant.  However, if you factor in the draconian practice this force has conducted to drag severely ill people – those who haven’t had any correspondence from the force for a long time – in front of Dr Philip Johnson without exemption, you start to wonder why the sudden deviation from their usual behaviour.

Apparently a band four (therefore one of Dr Bulpitt’s  unfavoured selfish and preposterous few) and band one were reviewed on paper by Dr Bulpitt himself, without the demand to be medically examined.  Rather a change of tactic here given that Dr Philip Johnson earned £74,220 for 46 days work from Avon & Somerset in from December 1st 2015 to 11th October 2016.

Redacted Un-redacted
minutes-1st-march-2016-before minutes-1st-march-2016-after

If Bulpitt was doing the work of a SMP, why was Johnson still being paid?  And why are some retired officers forced to see Dr Johnson and interrogated for two hours when others get a free pass for a paper review?  Consistency is not their strong point.

And finally onto the 14th June 2016 minutes.  This is the excerpt that has been redacted from the document on the left:

RW raised the issues of information disclosed via FOI’s, as LG personal email  had been disclosed, although we are unsure through which avenue FOI or
Subject Access request.
Action: SA to check with relevant depts. and CD to check with JK  SA/CD

RW is Richard Wand.  He is a former constable and now a civilian employed by Avon & Somerset Federation JBB as a Regulations and Welfare Advisor

Redacted Un-redacted
14th-june-2016-notes-of-iod-liaison-group-mtg-before 14th-june-2016-notes-of-iod-liaison-group-mtg-after
Raw & Unformated version

Hardly a section that screams out to be redacted given LG is unidentified and RW is listed, un-redacted, as an attendee: Richard Wand RW Police Federation.  There does not seem to be any sane reason why redaction has been implemented but it is a clear example why you shouldn’t trust the whys and wherefores they use to justify redacting something.

They want to hide behind the black permanent marker.  Unfortunately on this occasion the marker was filled with disappearing ink.

Abuse of the Freedom of Information Act is bad enough when it happens.  When it is the Police performing the abuse the affect is magnified exponentially as their expected standard is higher given their position and that they have a near-monopoly on the use of coercive force.

It is also clear that when these people do things in the full knowledge that they are wrong they put aside the fact that the legitimacy of the police in the eyes of the public is a significant determinant of police effectiveness.

For those reading this, shocked and with their mouths agape, staring at a screen and trying to parse everything that has happened, here’s a recap:

  • The lead solicitor for the Legal Services department of Avon & Somerset constabulary has confirmed that Regulation 33 PIBR 2006 cannot be used to punish the withdrawal of medical consent.  Despite this, he is fully prepared to deceive a member of the public into believing that their injury award can be punitively reduced by suggestion alone.  This policy had been redacted as a means of censorship to avoid the ensuing scandal. 
  • The force medical advisor of the same police force that employed a doctor (now deceased), whose actions are currently under investigation for dozens of sex attacks on young officers during medical examinations, has taken it upon himself to revisit final statutory decisions by looking whether all the ill-health retirements decided by the police pension authority, over a period of 30 years, were unlawful.   This policy had been redacted as a means of censorship to avoid the ensuing scandal.

You might think that sounds conspiratorial. It is.

This is more than just isolated bad-apples.  The utterings of those who attended these IOD liaison meeting meetings was not redacted by them – powers above them allowed this happen.  Another internal department would’ve been complicit in deciding  to remove whatever they considered sensational:  Corporate Information Management, Legal Services and no doubt, members of the senior executive team must have had a role to authorise this.  You can imagine how it was said, with a red-faced senior figure screaming “whatever you do, don’t let that get out!

What does it say about the culture of ethics existing in such an organisation that allows a cover-up to evolve into a conspiracy.

When a member of Parliament gives such a damning speech in the House of Commons – Mr Ian Liddell-Grainger (Bridgwater and West Somerset) (Con) on the Chief Constable Of Avon And Somerset Police Force – there is clearly a systemic ‘rotten barrel’ explanation that permeates through the senior management subculture.

From this point onwards do not give the police force you served with the benefit of the doubt.  When you are sent a threatening letter, think that they are probably lying and trying to coerce you to do something you have no lawful obligation to do.

If you are disclosed heavily redacted information then demand them to explain the exemption applied.  If they refuse to explain why each and every sentence has been blacked out then take the matter to the ICO.

The minutes should be specific to the matter being minuted.  You asked for disclosure from that meeting and therefore everything talked about, excluding the obvious personal information, should be in play for disclosure.

Hiding behind a veil of secrecy is an act deployed by Soviet Union’s KGB and East Germany’s Stasi.  It is unforgivable for such tactics to be seen in the UK.

As our skin crawls, it is worth forcing ourselves to look at the reality – we must confront not only the scale of these abused, disabled victims but also this country’s failure to help them.

 

 

Is Your Data Safe in Police Hands?

Is Your Data Safe in Police Hands?

“Success does not consist in never making mistakes but in never making the same one a second time.”
George Bernard Shaw

 
Our officers stand on the thin blue line ready to protect their community. In truth, quite often that thin blue line is a battle line we have drawn between law abiding citizens and the criminals who would harm them.

When the concept of a uniformed police force was first championed by Sir Robert Peel in London in the early 1800s, he was met with much resistance due to fears of what would essentially be a standing army within the city; comparisons were made to police as a government-sanctioned occupying force. The problem of how to enforce laws while preserving rights is not at all new.

Those police officers sweating it out on the front line: that’s where the concept of Guardian Policing comes in. But the Guardians of these Guardians are failing the thin blue line.

Those behind the scenes are not competent custodians of the data they hold on both those who serve the public nor those that have been medically retired – even victims are being let down by shockingly lackadaisical data protection procedures.

The management of personal data within police forces has become a travesty and police and civilian senior management are acting like an occupying army in defence mode and under siege. Whilst they disingenuously proclaim their conduct is correct, in reality rights and liberties are definitely not being preserved.

We at IODPA have been saying that Police Pension authorities have no lawful and legitimate reason to demand full disclosure of medical records from birth when they decide to review an injury award.

Put the question of the legality to retain personal sensitive data aside momentarily and stop to think for a second … if you are a medically retired officer with an injury award, do you think that your personal sensitive data is in good hands? Do you really think it is safe for them to hold your full medical records for eternity – to dip into them whenever they like, by whomever they like?

Think again. In July 2016 Big Brother Watch published a report entitled, ‘Safe in Police Hands’. The subtitle of the report is ‘How Police Forces suffer 10 data breaches every week and still want more of your data’.

Safe-in-Police-Hands

Everything contained with this report is relevant to your confidential data retained when you, as a police officer, was medically retired. Police forces do not treat your data with extra care just because you used to serve as a police officer. The truth is quite the opposite. You are more likely to be a potential victim of a data protection breach compared to a member of the public, for they definitely have your data – others become victims as and when they come into police contact.

Often they will have lost your data but they will claim they haven’t. They will cherry-pick and redact information when supposedly complying with a subject access request under the Data Protection Act. Given your own knowledge of your former employer, do you think they have the capacity to be prepared to conceal, remove or destroy incriminating evidence of injustice you suffered but otherwise, until asking for your data, had no physical proof?

They are quick to deny they breach data protection protocols. The numbers say differently:

Table 1. 1st June 2011 – 31st December 2015

No. Police Force Number of Data Breaches
1 West Midlands 488
2 Surrey Police 202
3 Humberside Police 168
4 Avon and Somerset 163
5 Greater Manchester 100
6 North Yorkshire 98
7 Cheshire Constabulary 85
8 Dorset Police 81
8 Kent Police 81
9 Merseyside Police 77
10 West Mercia 73

Just this week there have been major breaches of personal data involving involving not only GMP but the supposed guardian of the police complaints system in England and Wales, the Independent Police Complaints Commission.

[wp_links_page_free]

The quote from the victim’s solicitor is very revealing. Showing the default position of defensiveness-  never to admit there’s been a problem unless they’ve been forced by an external agency to come clean.

He added GMP had initially refused to accept it had done anything wrong and its internal investigation concluded no officer had infringed the police code of conduct.

If they never accept they are wrong are the self-reported figures given to answer Big Brother Watch’s Freedom of Information request actually accurate or it is an under-representation of the true number of breaches?

What is the point of the College of Policing data protection principles if they can’t even ‘police’ themselves?