Feeds

Prosecutors opt for 'malfeasance' over DPA to charge officials

New crimes, old law

The Power of One Infographic

If you are employed in the public sector, you can forget about offences under the Data Protection Act if there is deliberate misuse of personal data.

In the absence of a custodial sentence, in more serious cases, prosecutors are increasingly opting for the blunt instrument that is the common law offence of "malfeasance in public office". The offence does not need "personal data" or a computer or even an official secret – all it needs is a public official to be caught deliberately doing the wrong thing.

The offence itself, because it is not based on statute, is not easily defined and perhaps this is why it is used. It gathers into one offence, a range of official misconducts, frauds, deceits, breaches of trust, and disclosures of information. "Malfeasance in public office" has two related cousins – "nonfeasance in public office" (eg a wilful neglect of duty) and "misfeasance in public office" (eg malicious exercise of official duty). The punishment for this offence comes with a potentially unlimited custodial sentence and unlimited fine. As with all common law issues, the penalty depends on the circumstances and this provides another reason why it is preferred.

The offence is a prosecutor's dream – the ultimate in flexibility. No need to argue that there was personal data involved, especially if manual records are involved. Note that the malfeasance offence avoids all sorts of side issues. For example for a local authority, unauthorised disclosure of details from Housing Records is an offence, but unauthorised disclosure of Housing Benefits files is not. Also, in serious cases, the Section 55 offence of the DPA is non-custodial; malfeasance can carry a significant jail term.

The law gets tough on 'malfeasors'

For example, in April 2007, James Andrew Hardy, a police officer who improperly accessed a police database and passed individuals' personal details on to a man with a violent criminal record had his jail term increased by the Court of Appeal to nine months, following an appeal by the Attorney General. He had been previously found guilty of the malfeasance offence but was given a suspended prison sentence of 28 weeks and 300 hours of community service.

In January 2005, special Constable Geraldine Tabor was fined £1,000 for malfeasance when she looked up the criminal records of fellow employees at the petrol station where she worked. Special constables are part-time volunteers and Tabor claimed she had looked up the details because she suspected one employee of stealing fuel and the other of stealing bags of chocolate oranges. By contrast, in 2004, a police computer operator in Gwent was only fined £400 under the Data Protection Act for using the police database to look up four of her friends because she was bored.

In October 2005, a vehicle registration official, Barry Saul Dickinson, gave drivers' addresses to animal rights activists and was jailed, courtesy of the malfeasance offence, for five months. According to the police at the time, "Dickinson accessed DVLA computer systems to look up people's registration numbers", and passed names and addresses to animal rights extremists.

In June 2007, a civilian police worker pleaded guilty to malfeasance in a public office by leaking confidential details on terrorism to a newspaper. Thomas Lund-Lack, 59, who was working in the Metropolitan Police's counter-terrorism unit, disclosed a document to a Sunday Times journalist because he was fed up with government policy. In this case, the further charge of breaching the Official Secrets Act was expected to be ordered to lie on file pending sentence. Just pause for a moment to reflect – if a prosecutor has to choose between malfeasance and Official Secrets, it is malfeasance which prevails.

All the above offences could have been brought under data protection, computer misuse or other legislation – all of which need some degree of technicality to overcome. For example, was the information in question actually personal data or stored on a computer? Malfeasance in public office does away with the technicalities. All it needs is evidence that someone misused their authority as a public official.

Public sector readers and contractors to the public sector should thus ensure that their training courses cover this offence.

We are running several sets of data protection courses next year. We are running the five-day intensive course in Edinburgh (beginning 24 February) and in Leeds (beginning 3 March). These courses cover the DP ISEB syllabus and prepare delegates for the examination in April 2011, although you do not need to be seeking the qualification to attend.

Our next FOI course starts in Manchester on 26th January. As with Data Protection, these courses cover the FOI ISEB syllabus for the examination in April 2011, although you do not need to be seeking the qualification to attend.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.