Feeds

CPS grovels after leaking IDs of hundreds arrested during student riots

FOI blunder spaffed details of people released uncharged

Choosing a cloud hosting partner with confidence

Exclusive A botched response to a Freedom Of Information Act request could be about to cost the Crown Prosecution Service (CPS) dear. Prosecutors have issued grovelling apologies after revealing the identities of over a hundred people who were arrested during the tuition-fee riots but subsequently released without charge.

Back in June, a member of the public asked the CPS under the FOIA to provide figures for costs and resources used in the Metropolitan Police’s Operation Malone – the generic title given to investigations following a series of demonstrations by students against tuition fees in 2010 and 2011.

The requester was bowled over when, instead of the customary refusal or obfuscations, they received a spreadsheet containing the names of 299 demonstrators arrested not just through Malone, but also during the disturbances and later under another operation, code-named Brontide.

The CPS provided the names of some 116 individuals who have not been charged; names of those charged but then acquitted; and the names of 44 individuals aged under 18 - whose details would not have been revealed regardless of outcome. Also recorded are details of defending solicitors, plus some personal observations, including comment on individual medical issues.

In the normal course of an FOIA request, all this information would in due course have been published automatically, but in the event the CPS was warned before this could take place. Nonetheless the blunder is a serious data breach and the CPS has sent a letter to everyone affected.

The letter, a copy of which has been seen by The Register, reads in part:

I am writing to inform you that some of your personal data has been inadvertently disclosed in error ...

The information disclosed includes your full name, date of birth, the Police Unique Reference Number (URN), the offence with which you were charged, the first appearance date at court and the nature of the next hearing [where applicable] ...

I understand that you may find the contents of this letter upsetting ...

The CPS has disclosed details of the breach to the Information Commissioner's Office.

Simon Entwistle, the ICO’s director of operations, commented to the Register:

“The public expects their personal data to be properly looked after by organisations. Where it looks like this hasn’t happened, the Information Commissioner’s Office will investigate, with powers to issue monetary penalties up to £500,000 where appropriate.”

MP John McDonnell, who has been campaigning on behalf of the students in these cases, is considering raising the matter in Parliament. He told The Register:

"This all shows how the policing of protest is increasingly out of control."

A CPS spokesperson supplied the Reg with the following statement:

Since becoming aware of this breach on 13 September 2012, the CPS has written and apologised to those whose details appeared on the document. The individual to whom the information was disclosed has also been contacted and advised that the information was provided in error and requested that it be destroyed. The CPS Chief Operating Officer has commissioned a review of this incident and the systems and controls we have in place which failed on this occasion, to be conducted by a senior and experienced prosecutor from another CPS Division. The findings will be acted upon as a matter of priority to ensure that such an error does not recur.

Of particular concern is the issue of what would have happened had the matter not been brought to the CPS's attention. According to its standard FOI procedures, the results of individual inquiries are published three months after being supplied to the original requester. It is unclear whether further checks would have been carried out then - or whether the entire file would simply have been broadcast to the nation. ®

Updated to Add

Since this article was was published a CPS spokesman has supplied the Register with a further statement saying that not all FOI responses are released to the public.

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.