Feeds

Does the RSPCA have your gun licence or car registration? NOBODY knows

When are cops not subject to FOI? When they're animal cops

Secure remote control for conventional and virtual desktops

No checks are carried out on what the Royal Society for Prevention of Cruelty to Animals (RSPCA) does with confidential records it receives from police databases, including information on people's vehicles and gun licences, the Register has learned.

Precise details of the Information Sharing Agreements (ISAs) between the RSCPA and police forces are now coming to light, thanks to FOI requests.

The charity's ISA with Cumbria Police (PDF, 6.8MB) allows them to request access to vehicle information - and specifically includes "information held on the National Firearms Licensing Management System" (page 7).

The ISA with Hertfordshire Police (PDF, 3.4MB) says the same thing: vehicle information may be shared on request, and there is no exclusion for sensitive firearms data.

No other private organisation enjoys similar privileges of being able to request access to the Police National Computer (PNC). ACPO disclosed a list of organisations who can request access to the PNC after The Register broke the story of how RSPCA workers were accessing individuals' criminal records. The other "non-police prosecuting agencies" are all arms of government such as the Civil Aviation Authority, Ofcom, the Environment Agency etc. The RSPCA, by contrast, uses its charity money to bring private prosecutions against those it deems guilty of cruelty to animals (so saving the police and other government agencies a lot of time and money, which probably explains the unique level of access they offer it).

The vehicle and firearms databases are separate systems that feed into the PNC. Licensing info for firearms and shotguns is held on the National Firearms Licensing Management System, or NFLMS. The British Association for Shooting and Conservation believes at least 10 police forces have ISAs with the RSPCA – but have not yet disclosed them.

Details held on the NFLMS include firearms owners' addresses, details of the firearms and ammunition they hold (including the precise purposes for which some firearms may be used – for example, hunting over a defined area of land, along with the landowner's details), and, in some cases details of security arrangements protecting the firearms from unauthorised access. The police generally discourage firearm owners from disclosing such details themselves, except on a need-to-know basis.

Under the ISAs the RSPCA promises to dispose of the information when it is no longer needed: "In most cases, it is expected that information shared with the RSPCA will therefore be destroyed within a maximum timeline [sic] of 6 years."

But there's simply no way of knowing whether this is true.

The police do not undertake audits of the data once it leaves their control, as recommended by Lord Leveson. The Home Office confirmed it was not aware (PDF) of the legal status of the arrangement. The Information Commissioner has not been challenged on the legal basis of the arrangement, either.

For its part, the RSPCA can legally tell members of the public who make FOI requests to get stuffed – as it's not a public authority under the terms of the Freedom of Information Act, like the police and the other non-police enforcement agencies. An individual suspecting that the RSPCA had files on him or her could make a subject access request under the Data Protection Act - but organisations are exempt from compliance with this process if data is held for the purpose of "the capture or prosecution of offenders". ACPO claims that the RSPCA only gets access to police data when it intends to prosecute someone, so this exemption would no doubt be generally claimed.

And since nobody is auditing the RSPCA's databases, and they're not subject to any legal disclosure routes, there's no telling what information they have and what they do with it.

Civil liberties campaign group Big Brother Watch plans to file a complaint with the ICO demanding it order third-party access to the police databases to cease, and requesting an investigation into the legal basis of the arrangements. ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.