show image

Newham Council fined £145,000 over gang database breach

The UK’s data protection watchdog has fined Newham Council £145,000 after photographs of a controversial police intelligence database fell into the hands of two rival gangs.

In a damning report published on Thursday, the Information Commissioner concluded it was not possible to establish whether the leaked material had led to a number of incidents of serious gang violence in the borough, including the murder of a 14-year-old boy named “Chris” who had appeared on the list.

But the commissioner said the incidents were highlighted in the report because “they are highly relevant to the nature and extent of the harm that could result if personal data of the type contained in the unredacted database was not processed under strict controls”.

The investigation was launched after it emerged that an employee at the council had sent two versions of the Metropolitan Police’s controversial “Gangs Matrix” – only one of which had been redacted – to 44 recipients, including external agencies.

The unredacted document revealed gang members’ names, home addresses, risk scores, ethnicities, nicknames, dates of birth, gang names, and whether they were prolific firearms offenders or habitual knife carriers.

The Met had created the redacted version, which removed some identifying information, specifically so that councils could pass it on to other organisations without putting people at risk. The Met told the ICO it had not given Newham permission for the unredacted version to be shared externally.

Neither the Met nor the Information Commissioner was able to determine how photographs of the database came into the gang members’ possession, but once it did it started circulating on Snapchat.

A report by Amnesty International last year concluded the Matrix was “racially discriminatory” and “the wrong tool for the wrong problem”. A subsequent investigation by the ICO revealed the Met had breached data protection laws.

The report criticised the council for not carrying out an investigation into the data breach until December, nearly a year after the unredacted email database had been shared, and for providing “inaccurate and incomplete information” in response to the commissioner’s inquiries.

“We recognise there is a national concern about violent gang crime and the importance of tackling it,” said James Dipple-Johnstone, the deputy information commissioner. “We also recognise the challenges of public authorities in doing this. Appropriate sharing of information has its part to play in this challenge but it must be done lawfully and safely.”

“Our investigation concluded that it was unnecessary, unfair and excessive for Newham Council to have shared the unredacted database with a large number of people and organisations, when a redacted version was readily available. The risks associated with such a transfer of sensitive information should have been obvious.”

Newham Council’s mayor, Rokhsana Fiaz, apologised for the incident. “On behalf of Newham Council I accept the seriousness of the unredacted gangs matrix list being distributed on this single occasion in January 2017 and am sorry that it happened. While there were information sharing protocols in place at the time, clearly they could have been better. The Information Commissioner has recognised that the breach was not deliberate and we welcome that.”