Feeds

Does the RSPCA have your gun licence or car registration? NOBODY knows

When are cops not subject to FOI? When they're animal cops

Intelligent flash storage arrays

No checks are carried out on what the Royal Society for Prevention of Cruelty to Animals (RSPCA) does with confidential records it receives from police databases, including information on people's vehicles and gun licences, the Register has learned.

Precise details of the Information Sharing Agreements (ISAs) between the RSCPA and police forces are now coming to light, thanks to FOI requests.

The charity's ISA with Cumbria Police (PDF, 6.8MB) allows them to request access to vehicle information - and specifically includes "information held on the National Firearms Licensing Management System" (page 7).

The ISA with Hertfordshire Police (PDF, 3.4MB) says the same thing: vehicle information may be shared on request, and there is no exclusion for sensitive firearms data.

No other private organisation enjoys similar privileges of being able to request access to the Police National Computer (PNC). ACPO disclosed a list of organisations who can request access to the PNC after The Register broke the story of how RSPCA workers were accessing individuals' criminal records. The other "non-police prosecuting agencies" are all arms of government such as the Civil Aviation Authority, Ofcom, the Environment Agency etc. The RSPCA, by contrast, uses its charity money to bring private prosecutions against those it deems guilty of cruelty to animals (so saving the police and other government agencies a lot of time and money, which probably explains the unique level of access they offer it).

The vehicle and firearms databases are separate systems that feed into the PNC. Licensing info for firearms and shotguns is held on the National Firearms Licensing Management System, or NFLMS. The British Association for Shooting and Conservation believes at least 10 police forces have ISAs with the RSPCA – but have not yet disclosed them.

Details held on the NFLMS include firearms owners' addresses, details of the firearms and ammunition they hold (including the precise purposes for which some firearms may be used – for example, hunting over a defined area of land, along with the landowner's details), and, in some cases details of security arrangements protecting the firearms from unauthorised access. The police generally discourage firearm owners from disclosing such details themselves, except on a need-to-know basis.

Under the ISAs the RSPCA promises to dispose of the information when it is no longer needed: "In most cases, it is expected that information shared with the RSPCA will therefore be destroyed within a maximum timeline [sic] of 6 years."

But there's simply no way of knowing whether this is true.

The police do not undertake audits of the data once it leaves their control, as recommended by Lord Leveson. The Home Office confirmed it was not aware (PDF) of the legal status of the arrangement. The Information Commissioner has not been challenged on the legal basis of the arrangement, either.

For its part, the RSPCA can legally tell members of the public who make FOI requests to get stuffed – as it's not a public authority under the terms of the Freedom of Information Act, like the police and the other non-police enforcement agencies. An individual suspecting that the RSPCA had files on him or her could make a subject access request under the Data Protection Act - but organisations are exempt from compliance with this process if data is held for the purpose of "the capture or prosecution of offenders". ACPO claims that the RSPCA only gets access to police data when it intends to prosecute someone, so this exemption would no doubt be generally claimed.

And since nobody is auditing the RSPCA's databases, and they're not subject to any legal disclosure routes, there's no telling what information they have and what they do with it.

Civil liberties campaign group Big Brother Watch plans to file a complaint with the ICO demanding it order third-party access to the police databases to cease, and requesting an investigation into the legal basis of the arrangements. ®

Internet Security Threat Report 2014

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.