Feeds

CPS grovels after leaking IDs of hundreds arrested during student riots

FOI blunder spaffed details of people released uncharged

Secure remote control for conventional and virtual desktops

Exclusive A botched response to a Freedom Of Information Act request could be about to cost the Crown Prosecution Service (CPS) dear. Prosecutors have issued grovelling apologies after revealing the identities of over a hundred people who were arrested during the tuition-fee riots but subsequently released without charge.

Back in June, a member of the public asked the CPS under the FOIA to provide figures for costs and resources used in the Metropolitan Police’s Operation Malone – the generic title given to investigations following a series of demonstrations by students against tuition fees in 2010 and 2011.

The requester was bowled over when, instead of the customary refusal or obfuscations, they received a spreadsheet containing the names of 299 demonstrators arrested not just through Malone, but also during the disturbances and later under another operation, code-named Brontide.

The CPS provided the names of some 116 individuals who have not been charged; names of those charged but then acquitted; and the names of 44 individuals aged under 18 - whose details would not have been revealed regardless of outcome. Also recorded are details of defending solicitors, plus some personal observations, including comment on individual medical issues.

In the normal course of an FOIA request, all this information would in due course have been published automatically, but in the event the CPS was warned before this could take place. Nonetheless the blunder is a serious data breach and the CPS has sent a letter to everyone affected.

The letter, a copy of which has been seen by The Register, reads in part:

I am writing to inform you that some of your personal data has been inadvertently disclosed in error ...

The information disclosed includes your full name, date of birth, the Police Unique Reference Number (URN), the offence with which you were charged, the first appearance date at court and the nature of the next hearing [where applicable] ...

I understand that you may find the contents of this letter upsetting ...

The CPS has disclosed details of the breach to the Information Commissioner's Office.

Simon Entwistle, the ICO’s director of operations, commented to the Register:

“The public expects their personal data to be properly looked after by organisations. Where it looks like this hasn’t happened, the Information Commissioner’s Office will investigate, with powers to issue monetary penalties up to £500,000 where appropriate.”

MP John McDonnell, who has been campaigning on behalf of the students in these cases, is considering raising the matter in Parliament. He told The Register:

"This all shows how the policing of protest is increasingly out of control."

A CPS spokesperson supplied the Reg with the following statement:

Since becoming aware of this breach on 13 September 2012, the CPS has written and apologised to those whose details appeared on the document. The individual to whom the information was disclosed has also been contacted and advised that the information was provided in error and requested that it be destroyed. The CPS Chief Operating Officer has commissioned a review of this incident and the systems and controls we have in place which failed on this occasion, to be conducted by a senior and experienced prosecutor from another CPS Division. The findings will be acted upon as a matter of priority to ensure that such an error does not recur.

Of particular concern is the issue of what would have happened had the matter not been brought to the CPS's attention. According to its standard FOI procedures, the results of individual inquiries are published three months after being supplied to the original requester. It is unclear whether further checks would have been carried out then - or whether the entire file would simply have been broadcast to the nation. ®

Updated to Add

Since this article was was published a CPS spokesman has supplied the Register with a further statement saying that not all FOI responses are released to the public.

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.