Feeds

Prosecutors opt for 'malfeasance' over DPA to charge officials

New crimes, old law

Secure remote control for conventional and virtual desktops

If you are employed in the public sector, you can forget about offences under the Data Protection Act if there is deliberate misuse of personal data.

In the absence of a custodial sentence, in more serious cases, prosecutors are increasingly opting for the blunt instrument that is the common law offence of "malfeasance in public office". The offence does not need "personal data" or a computer or even an official secret – all it needs is a public official to be caught deliberately doing the wrong thing.

The offence itself, because it is not based on statute, is not easily defined and perhaps this is why it is used. It gathers into one offence, a range of official misconducts, frauds, deceits, breaches of trust, and disclosures of information. "Malfeasance in public office" has two related cousins – "nonfeasance in public office" (eg a wilful neglect of duty) and "misfeasance in public office" (eg malicious exercise of official duty). The punishment for this offence comes with a potentially unlimited custodial sentence and unlimited fine. As with all common law issues, the penalty depends on the circumstances and this provides another reason why it is preferred.

The offence is a prosecutor's dream – the ultimate in flexibility. No need to argue that there was personal data involved, especially if manual records are involved. Note that the malfeasance offence avoids all sorts of side issues. For example for a local authority, unauthorised disclosure of details from Housing Records is an offence, but unauthorised disclosure of Housing Benefits files is not. Also, in serious cases, the Section 55 offence of the DPA is non-custodial; malfeasance can carry a significant jail term.

The law gets tough on 'malfeasors'

For example, in April 2007, James Andrew Hardy, a police officer who improperly accessed a police database and passed individuals' personal details on to a man with a violent criminal record had his jail term increased by the Court of Appeal to nine months, following an appeal by the Attorney General. He had been previously found guilty of the malfeasance offence but was given a suspended prison sentence of 28 weeks and 300 hours of community service.

In January 2005, special Constable Geraldine Tabor was fined £1,000 for malfeasance when she looked up the criminal records of fellow employees at the petrol station where she worked. Special constables are part-time volunteers and Tabor claimed she had looked up the details because she suspected one employee of stealing fuel and the other of stealing bags of chocolate oranges. By contrast, in 2004, a police computer operator in Gwent was only fined £400 under the Data Protection Act for using the police database to look up four of her friends because she was bored.

In October 2005, a vehicle registration official, Barry Saul Dickinson, gave drivers' addresses to animal rights activists and was jailed, courtesy of the malfeasance offence, for five months. According to the police at the time, "Dickinson accessed DVLA computer systems to look up people's registration numbers", and passed names and addresses to animal rights extremists.

In June 2007, a civilian police worker pleaded guilty to malfeasance in a public office by leaking confidential details on terrorism to a newspaper. Thomas Lund-Lack, 59, who was working in the Metropolitan Police's counter-terrorism unit, disclosed a document to a Sunday Times journalist because he was fed up with government policy. In this case, the further charge of breaching the Official Secrets Act was expected to be ordered to lie on file pending sentence. Just pause for a moment to reflect – if a prosecutor has to choose between malfeasance and Official Secrets, it is malfeasance which prevails.

All the above offences could have been brought under data protection, computer misuse or other legislation – all of which need some degree of technicality to overcome. For example, was the information in question actually personal data or stored on a computer? Malfeasance in public office does away with the technicalities. All it needs is evidence that someone misused their authority as a public official.

Public sector readers and contractors to the public sector should thus ensure that their training courses cover this offence.

We are running several sets of data protection courses next year. We are running the five-day intensive course in Edinburgh (beginning 24 February) and in Leeds (beginning 3 March). These courses cover the DP ISEB syllabus and prepare delegates for the examination in April 2011, although you do not need to be seeking the qualification to attend.

Our next FOI course starts in Manchester on 26th January. As with Data Protection, these courses cover the FOI ISEB syllabus for the examination in April 2011, although you do not need to be seeking the qualification to attend.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

The essential guide to IT transformation

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.