Feeds

Police may have had a duty to notify phone-hacking victims

Make sure no-one's listening in when you do, though

  • alert
  • submit to reddit

Boost IT visibility and business value

The Metropolitan Police knew that numerous mobile phones had been illegally hacked by private investigators but failed to alert the phones' owners, according to The Guardian newspaper. If so, the victims should have been told, a privacy expert has said.

The Guardian alleged this week that Rupert Murdoch's News Group newspapers paid out more than £1 million to settle legal cases that threatened to expose evidence of journalists using private investigators to hack into the private mobile phone messages of numerous public figures.

"The suppressed legal cases are linked to the jailing in January 2007 of News of the World reporter Clive Goodman for hacking into the mobile phones of three royal staff," it reports. It also adds that at that time, News Group newspapers' parent, News International, claimed that it knew of no other journalist involved in hacking phones.

It cites two unnamed sources in the Met, one of whom claims that officers found evidence of "two or three thousand" mobile phones having been hacked. The Guardian says that the Met failed to notify the owners of those phones and says that the evidence calls that failure into question.

Rosemary Jay, a data protection expert at Pinsent Masons, the law firm behind OUT-LAW.COM, said that if police knew the details of numerous hacked phones, they would have had a duty to notify the phones' owners.

The hacking of phones is a crime under the Regulation of Investigatory Powers Act 2000. According to Jay, police would have a duty under the Data Protection Act to notify the victims.

"If a crime has been committed in the way that is suggested and police knew the people affected, I think police would have a duty themselves under the Data Protection Act to notify the victims," she said. "That would have given them an opportunity at least to change their mobile phone numbers."

The Data Protection Act says that personal data must be processed fairly and lawfully. It also says that when personal data is obtained from someone other than the subject, the controller of that data must ensure that the subject is given some basic information about the circumstances of the data being obtained.

"This would not apply if telling individuals would entail a disproportionate effort, or in cases where the disclosure would prejudice the prevention or detection of crime," said Jay. "But I struggle to see how the police could rely on either of these justifications. Calling these people is neither laborious nor likely to hamper any investigation."

The Guardian also alleges unauthorised access to confidential databases, such as telephone accounts, bank records and the DVLA's vehicle database. That is an offence under section 55 of the Data Protection Act, but not one that can be punished by a custodial sentence.

In 2006, Information Commissioner Richard Thomas called for that to change, arguing that the 'blagging' of personal data had to be deterred. He said that the illegal buying and selling of personal information should carry a maximum penalty of two years' imprisonment.

The Criminal Justice and Immigration Act of 2008 provides for that custodial sentence, but the provision has never been brought into force.

"I expect that the new Commissioner, Christopher Graham, will call for that change on the back of today's allegations," said Jay.

"There is a defence to section 55 and the new amendment where the circumstances of the blagging can be justified as being in the public interest – but that will not justify fishing expeditions," she said. "Amid today's allegations that blagging was systematic, affecting thousands of individuals, there are unlikely to be more than a handful of cases that can be justified as being in the public interest."

A spokesman for the Information Commissioner's Office told OUT-LAW today: "Any changes to the law are of course a matter for the Ministry of Justice but the ICO continues to believe that custodial sentences are needed as an effective deterrent to those who might be tempted to take part in the unlawful trade in personal information."

"We will be watching the blagging market closely, will prosecute any case supported by evidence and will highlight future breaches of section 55 of the Data Protection Act to Ministers and to Parliament," the spokesman said.

Under RIPA, both the hacker of a mobile phone and those who commissioned the hacking would face the risk of prosecution. There is no public interest defence in that law.

The Met police declined to comment on the accuracy of the Guardian's allegations.

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Build a business case: developing custom apps

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.