Feeds

CPS grovels after leaking IDs of hundreds arrested during student riots

FOI blunder spaffed details of people released uncharged

Next gen security for virtualised datacentres

Exclusive A botched response to a Freedom Of Information Act request could be about to cost the Crown Prosecution Service (CPS) dear. Prosecutors have issued grovelling apologies after revealing the identities of over a hundred people who were arrested during the tuition-fee riots but subsequently released without charge.

Back in June, a member of the public asked the CPS under the FOIA to provide figures for costs and resources used in the Metropolitan Police’s Operation Malone – the generic title given to investigations following a series of demonstrations by students against tuition fees in 2010 and 2011.

The requester was bowled over when, instead of the customary refusal or obfuscations, they received a spreadsheet containing the names of 299 demonstrators arrested not just through Malone, but also during the disturbances and later under another operation, code-named Brontide.

The CPS provided the names of some 116 individuals who have not been charged; names of those charged but then acquitted; and the names of 44 individuals aged under 18 - whose details would not have been revealed regardless of outcome. Also recorded are details of defending solicitors, plus some personal observations, including comment on individual medical issues.

In the normal course of an FOIA request, all this information would in due course have been published automatically, but in the event the CPS was warned before this could take place. Nonetheless the blunder is a serious data breach and the CPS has sent a letter to everyone affected.

The letter, a copy of which has been seen by The Register, reads in part:

I am writing to inform you that some of your personal data has been inadvertently disclosed in error ...

The information disclosed includes your full name, date of birth, the Police Unique Reference Number (URN), the offence with which you were charged, the first appearance date at court and the nature of the next hearing [where applicable] ...

I understand that you may find the contents of this letter upsetting ...

The CPS has disclosed details of the breach to the Information Commissioner's Office.

Simon Entwistle, the ICO’s director of operations, commented to the Register:

“The public expects their personal data to be properly looked after by organisations. Where it looks like this hasn’t happened, the Information Commissioner’s Office will investigate, with powers to issue monetary penalties up to £500,000 where appropriate.”

MP John McDonnell, who has been campaigning on behalf of the students in these cases, is considering raising the matter in Parliament. He told The Register:

"This all shows how the policing of protest is increasingly out of control."

A CPS spokesperson supplied the Reg with the following statement:

Since becoming aware of this breach on 13 September 2012, the CPS has written and apologised to those whose details appeared on the document. The individual to whom the information was disclosed has also been contacted and advised that the information was provided in error and requested that it be destroyed. The CPS Chief Operating Officer has commissioned a review of this incident and the systems and controls we have in place which failed on this occasion, to be conducted by a senior and experienced prosecutor from another CPS Division. The findings will be acted upon as a matter of priority to ensure that such an error does not recur.

Of particular concern is the issue of what would have happened had the matter not been brought to the CPS's attention. According to its standard FOI procedures, the results of individual inquiries are published three months after being supplied to the original requester. It is unclear whether further checks would have been carried out then - or whether the entire file would simply have been broadcast to the nation. ®

Updated to Add

Since this article was was published a CPS spokesman has supplied the Register with a further statement saying that not all FOI responses are released to the public.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.