Feeds

Does the RSPCA have your gun licence or car registration? NOBODY knows

When are cops not subject to FOI? When they're animal cops

The essential guide to IT transformation

No checks are carried out on what the Royal Society for Prevention of Cruelty to Animals (RSPCA) does with confidential records it receives from police databases, including information on people's vehicles and gun licences, the Register has learned.

Precise details of the Information Sharing Agreements (ISAs) between the RSCPA and police forces are now coming to light, thanks to FOI requests.

The charity's ISA with Cumbria Police (PDF, 6.8MB) allows them to request access to vehicle information - and specifically includes "information held on the National Firearms Licensing Management System" (page 7).

The ISA with Hertfordshire Police (PDF, 3.4MB) says the same thing: vehicle information may be shared on request, and there is no exclusion for sensitive firearms data.

No other private organisation enjoys similar privileges of being able to request access to the Police National Computer (PNC). ACPO disclosed a list of organisations who can request access to the PNC after The Register broke the story of how RSPCA workers were accessing individuals' criminal records. The other "non-police prosecuting agencies" are all arms of government such as the Civil Aviation Authority, Ofcom, the Environment Agency etc. The RSPCA, by contrast, uses its charity money to bring private prosecutions against those it deems guilty of cruelty to animals (so saving the police and other government agencies a lot of time and money, which probably explains the unique level of access they offer it).

The vehicle and firearms databases are separate systems that feed into the PNC. Licensing info for firearms and shotguns is held on the National Firearms Licensing Management System, or NFLMS. The British Association for Shooting and Conservation believes at least 10 police forces have ISAs with the RSPCA – but have not yet disclosed them.

Details held on the NFLMS include firearms owners' addresses, details of the firearms and ammunition they hold (including the precise purposes for which some firearms may be used – for example, hunting over a defined area of land, along with the landowner's details), and, in some cases details of security arrangements protecting the firearms from unauthorised access. The police generally discourage firearm owners from disclosing such details themselves, except on a need-to-know basis.

Under the ISAs the RSPCA promises to dispose of the information when it is no longer needed: "In most cases, it is expected that information shared with the RSPCA will therefore be destroyed within a maximum timeline [sic] of 6 years."

But there's simply no way of knowing whether this is true.

The police do not undertake audits of the data once it leaves their control, as recommended by Lord Leveson. The Home Office confirmed it was not aware (PDF) of the legal status of the arrangement. The Information Commissioner has not been challenged on the legal basis of the arrangement, either.

For its part, the RSPCA can legally tell members of the public who make FOI requests to get stuffed – as it's not a public authority under the terms of the Freedom of Information Act, like the police and the other non-police enforcement agencies. An individual suspecting that the RSPCA had files on him or her could make a subject access request under the Data Protection Act - but organisations are exempt from compliance with this process if data is held for the purpose of "the capture or prosecution of offenders". ACPO claims that the RSPCA only gets access to police data when it intends to prosecute someone, so this exemption would no doubt be generally claimed.

And since nobody is auditing the RSPCA's databases, and they're not subject to any legal disclosure routes, there's no telling what information they have and what they do with it.

Civil liberties campaign group Big Brother Watch plans to file a complaint with the ICO demanding it order third-party access to the police databases to cease, and requesting an investigation into the legal basis of the arrangements. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.