A sensitive police database detailing 203 alleged gang members and the weapons they are believed to carry was leaked by a London council in January 2017 and subsequently fell into gang hands, The Computer Business Review reveals with a reference to an Information Commissioner’s Office (ICO) report.
The Newham Council’s borough subsequently experienced a “number of incidents of serious gang violence after the report was shared on Snapchat. The unredacted database had included alleged gang affiliation, dates of birth, home addresses, and information on whether they were a prolific firearms offender or knife carrier.
Victims of the violence included people who featured on the so-called “Gangs Matrix” the ICO notes, adding it cannot definitely link the breach and the violence.
Fining Newham council £145,000 this week, the data watchdog said: “It is not possible to say whether there was a causal connection between any individual incidents of violence and the data breach. The ICO does highlight the significant harm and distress that can be caused when this type of sensitive personal information is not kept secure.”
In a scathing report published Thursday, the ICO noted that the council had failed to notify it of the breach in early 2017 and did not start its own internal investigation until December of that year; a “significant period” after the council became aware of the breach.
This had occurred after a staff member emailed both a redacted and an unredacted copy of the database to 44 recipients.
These included council employees, a voluntary agency and the council’s Youth Offending Team. It was unclear from the report how it subsequently leaked to gang members.
The database in question, created following the London riots of 2012, is used to keep records on suspected gang members. The Metropolitan Police Service uses the database as a risk-assessment tool in tackling London gangs and has dubbed it the ‘Gangs Matrix’.
James Dipple-Johnstone, Deputy Commissioner of the ICO commented in the report that: “We recognise there is a national concern about violent gang crime and the importance of tackling it. We also recognise the challenges of public authorities in doing this. Appropriate sharing of information has its part to play in this challenge but it must be done lawfully and safely.
“Our investigation concluded that it was unnecessary, unfair and excessive for Newham Council to have shared the unredacted database with a large number of people and organisations, when a redacted version was readily available. The risks associated with such a transfer of sensitive information should have been obvious.”
During the course of their investigation the ICO discovered that Newham Council had little to no policy or sharing agreements in place when it came to the handling of data taking from the Gang Matrix.
This resulted in the information being openly shared among staff and third-party organisations they interacted with during the course of their work.
This is not the first time the ICO has had to deal with mishandling of information contained within the gangs’ database. In November of 2018, the ICO found ‘multiple and serious breaches’ in the way police forces were using the Gangs Matrix.
Their investigation followed an Amnesty report into the matrix that stated: “Our research shows that the Gangs Matrix is based on a vague and ill-defined concept of ‘the gang’ that has little objective meaning and is applied inconsistently in different London boroughs.”
“The Matrix itself and the process for… sharing data with partner agencies appears to be similarly ill-defined with few, if any, safeguards and little oversight.”
Following an investigation the ICO concluded that many of the findings in the report were correct and subsequently issued an enforcement notice to the Met requiring it to make changes to the Matrix in order for it to comply with data protection regulations.