Feeds

Police may have had a duty to notify phone-hacking victims

Make sure no-one's listening in when you do, though

  • alert
  • submit to reddit

Boost IT visibility and business value

The Metropolitan Police knew that numerous mobile phones had been illegally hacked by private investigators but failed to alert the phones' owners, according to The Guardian newspaper. If so, the victims should have been told, a privacy expert has said.

The Guardian alleged this week that Rupert Murdoch's News Group newspapers paid out more than £1 million to settle legal cases that threatened to expose evidence of journalists using private investigators to hack into the private mobile phone messages of numerous public figures.

"The suppressed legal cases are linked to the jailing in January 2007 of News of the World reporter Clive Goodman for hacking into the mobile phones of three royal staff," it reports. It also adds that at that time, News Group newspapers' parent, News International, claimed that it knew of no other journalist involved in hacking phones.

It cites two unnamed sources in the Met, one of whom claims that officers found evidence of "two or three thousand" mobile phones having been hacked. The Guardian says that the Met failed to notify the owners of those phones and says that the evidence calls that failure into question.

Rosemary Jay, a data protection expert at Pinsent Masons, the law firm behind OUT-LAW.COM, said that if police knew the details of numerous hacked phones, they would have had a duty to notify the phones' owners.

The hacking of phones is a crime under the Regulation of Investigatory Powers Act 2000. According to Jay, police would have a duty under the Data Protection Act to notify the victims.

"If a crime has been committed in the way that is suggested and police knew the people affected, I think police would have a duty themselves under the Data Protection Act to notify the victims," she said. "That would have given them an opportunity at least to change their mobile phone numbers."

The Data Protection Act says that personal data must be processed fairly and lawfully. It also says that when personal data is obtained from someone other than the subject, the controller of that data must ensure that the subject is given some basic information about the circumstances of the data being obtained.

"This would not apply if telling individuals would entail a disproportionate effort, or in cases where the disclosure would prejudice the prevention or detection of crime," said Jay. "But I struggle to see how the police could rely on either of these justifications. Calling these people is neither laborious nor likely to hamper any investigation."

The Guardian also alleges unauthorised access to confidential databases, such as telephone accounts, bank records and the DVLA's vehicle database. That is an offence under section 55 of the Data Protection Act, but not one that can be punished by a custodial sentence.

In 2006, Information Commissioner Richard Thomas called for that to change, arguing that the 'blagging' of personal data had to be deterred. He said that the illegal buying and selling of personal information should carry a maximum penalty of two years' imprisonment.

The Criminal Justice and Immigration Act of 2008 provides for that custodial sentence, but the provision has never been brought into force.

"I expect that the new Commissioner, Christopher Graham, will call for that change on the back of today's allegations," said Jay.

"There is a defence to section 55 and the new amendment where the circumstances of the blagging can be justified as being in the public interest – but that will not justify fishing expeditions," she said. "Amid today's allegations that blagging was systematic, affecting thousands of individuals, there are unlikely to be more than a handful of cases that can be justified as being in the public interest."

A spokesman for the Information Commissioner's Office told OUT-LAW today: "Any changes to the law are of course a matter for the Ministry of Justice but the ICO continues to believe that custodial sentences are needed as an effective deterrent to those who might be tempted to take part in the unlawful trade in personal information."

"We will be watching the blagging market closely, will prosecute any case supported by evidence and will highlight future breaches of section 55 of the Data Protection Act to Ministers and to Parliament," the spokesman said.

Under RIPA, both the hacker of a mobile phone and those who commissioned the hacking would face the risk of prosecution. There is no public interest defence in that law.

The Met police declined to comment on the accuracy of the Guardian's allegations.

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The Essential Guide to IT Transformation

More from The Register

next story
Has Europe cut the UK adrift on data protection?
EU reckons we've one foot out the door anyway
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Government's 'Google Review' copyright rules become law
Welcome in a New Era ... of copyright litigation
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.