Feeds

CPS grovels after leaking IDs of hundreds arrested during student riots

FOI blunder spaffed details of people released uncharged

High performance access to file storage

Exclusive A botched response to a Freedom Of Information Act request could be about to cost the Crown Prosecution Service (CPS) dear. Prosecutors have issued grovelling apologies after revealing the identities of over a hundred people who were arrested during the tuition-fee riots but subsequently released without charge.

Back in June, a member of the public asked the CPS under the FOIA to provide figures for costs and resources used in the Metropolitan Police’s Operation Malone – the generic title given to investigations following a series of demonstrations by students against tuition fees in 2010 and 2011.

The requester was bowled over when, instead of the customary refusal or obfuscations, they received a spreadsheet containing the names of 299 demonstrators arrested not just through Malone, but also during the disturbances and later under another operation, code-named Brontide.

The CPS provided the names of some 116 individuals who have not been charged; names of those charged but then acquitted; and the names of 44 individuals aged under 18 - whose details would not have been revealed regardless of outcome. Also recorded are details of defending solicitors, plus some personal observations, including comment on individual medical issues.

In the normal course of an FOIA request, all this information would in due course have been published automatically, but in the event the CPS was warned before this could take place. Nonetheless the blunder is a serious data breach and the CPS has sent a letter to everyone affected.

The letter, a copy of which has been seen by The Register, reads in part:

I am writing to inform you that some of your personal data has been inadvertently disclosed in error ...

The information disclosed includes your full name, date of birth, the Police Unique Reference Number (URN), the offence with which you were charged, the first appearance date at court and the nature of the next hearing [where applicable] ...

I understand that you may find the contents of this letter upsetting ...

The CPS has disclosed details of the breach to the Information Commissioner's Office.

Simon Entwistle, the ICO’s director of operations, commented to the Register:

“The public expects their personal data to be properly looked after by organisations. Where it looks like this hasn’t happened, the Information Commissioner’s Office will investigate, with powers to issue monetary penalties up to £500,000 where appropriate.”

MP John McDonnell, who has been campaigning on behalf of the students in these cases, is considering raising the matter in Parliament. He told The Register:

"This all shows how the policing of protest is increasingly out of control."

A CPS spokesperson supplied the Reg with the following statement:

Since becoming aware of this breach on 13 September 2012, the CPS has written and apologised to those whose details appeared on the document. The individual to whom the information was disclosed has also been contacted and advised that the information was provided in error and requested that it be destroyed. The CPS Chief Operating Officer has commissioned a review of this incident and the systems and controls we have in place which failed on this occasion, to be conducted by a senior and experienced prosecutor from another CPS Division. The findings will be acted upon as a matter of priority to ensure that such an error does not recur.

Of particular concern is the issue of what would have happened had the matter not been brought to the CPS's attention. According to its standard FOI procedures, the results of individual inquiries are published three months after being supplied to the original requester. It is unclear whether further checks would have been carried out then - or whether the entire file would simply have been broadcast to the nation. ®

Updated to Add

Since this article was was published a CPS spokesman has supplied the Register with a further statement saying that not all FOI responses are released to the public.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.