Feeds

Prosecutors opt for 'malfeasance' over DPA to charge officials

New crimes, old law

Next gen security for virtualised datacentres

If you are employed in the public sector, you can forget about offences under the Data Protection Act if there is deliberate misuse of personal data.

In the absence of a custodial sentence, in more serious cases, prosecutors are increasingly opting for the blunt instrument that is the common law offence of "malfeasance in public office". The offence does not need "personal data" or a computer or even an official secret – all it needs is a public official to be caught deliberately doing the wrong thing.

The offence itself, because it is not based on statute, is not easily defined and perhaps this is why it is used. It gathers into one offence, a range of official misconducts, frauds, deceits, breaches of trust, and disclosures of information. "Malfeasance in public office" has two related cousins – "nonfeasance in public office" (eg a wilful neglect of duty) and "misfeasance in public office" (eg malicious exercise of official duty). The punishment for this offence comes with a potentially unlimited custodial sentence and unlimited fine. As with all common law issues, the penalty depends on the circumstances and this provides another reason why it is preferred.

The offence is a prosecutor's dream – the ultimate in flexibility. No need to argue that there was personal data involved, especially if manual records are involved. Note that the malfeasance offence avoids all sorts of side issues. For example for a local authority, unauthorised disclosure of details from Housing Records is an offence, but unauthorised disclosure of Housing Benefits files is not. Also, in serious cases, the Section 55 offence of the DPA is non-custodial; malfeasance can carry a significant jail term.

The law gets tough on 'malfeasors'

For example, in April 2007, James Andrew Hardy, a police officer who improperly accessed a police database and passed individuals' personal details on to a man with a violent criminal record had his jail term increased by the Court of Appeal to nine months, following an appeal by the Attorney General. He had been previously found guilty of the malfeasance offence but was given a suspended prison sentence of 28 weeks and 300 hours of community service.

In January 2005, special Constable Geraldine Tabor was fined £1,000 for malfeasance when she looked up the criminal records of fellow employees at the petrol station where she worked. Special constables are part-time volunteers and Tabor claimed she had looked up the details because she suspected one employee of stealing fuel and the other of stealing bags of chocolate oranges. By contrast, in 2004, a police computer operator in Gwent was only fined £400 under the Data Protection Act for using the police database to look up four of her friends because she was bored.

In October 2005, a vehicle registration official, Barry Saul Dickinson, gave drivers' addresses to animal rights activists and was jailed, courtesy of the malfeasance offence, for five months. According to the police at the time, "Dickinson accessed DVLA computer systems to look up people's registration numbers", and passed names and addresses to animal rights extremists.

In June 2007, a civilian police worker pleaded guilty to malfeasance in a public office by leaking confidential details on terrorism to a newspaper. Thomas Lund-Lack, 59, who was working in the Metropolitan Police's counter-terrorism unit, disclosed a document to a Sunday Times journalist because he was fed up with government policy. In this case, the further charge of breaching the Official Secrets Act was expected to be ordered to lie on file pending sentence. Just pause for a moment to reflect – if a prosecutor has to choose between malfeasance and Official Secrets, it is malfeasance which prevails.

All the above offences could have been brought under data protection, computer misuse or other legislation – all of which need some degree of technicality to overcome. For example, was the information in question actually personal data or stored on a computer? Malfeasance in public office does away with the technicalities. All it needs is evidence that someone misused their authority as a public official.

Public sector readers and contractors to the public sector should thus ensure that their training courses cover this offence.

We are running several sets of data protection courses next year. We are running the five-day intensive course in Edinburgh (beginning 24 February) and in Leeds (beginning 3 March). These courses cover the DP ISEB syllabus and prepare delegates for the examination in April 2011, although you do not need to be seeking the qualification to attend.

Our next FOI course starts in Manchester on 26th January. As with Data Protection, these courses cover the FOI ISEB syllabus for the examination in April 2011, although you do not need to be seeking the qualification to attend.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?