Feeds

Does the RSPCA have your gun licence or car registration? NOBODY knows

When are cops not subject to FOI? When they're animal cops

Top three mobile application threats

No checks are carried out on what the Royal Society for Prevention of Cruelty to Animals (RSPCA) does with confidential records it receives from police databases, including information on people's vehicles and gun licences, the Register has learned.

Precise details of the Information Sharing Agreements (ISAs) between the RSCPA and police forces are now coming to light, thanks to FOI requests.

The charity's ISA with Cumbria Police (PDF, 6.8MB) allows them to request access to vehicle information - and specifically includes "information held on the National Firearms Licensing Management System" (page 7).

The ISA with Hertfordshire Police (PDF, 3.4MB) says the same thing: vehicle information may be shared on request, and there is no exclusion for sensitive firearms data.

No other private organisation enjoys similar privileges of being able to request access to the Police National Computer (PNC). ACPO disclosed a list of organisations who can request access to the PNC after The Register broke the story of how RSPCA workers were accessing individuals' criminal records. The other "non-police prosecuting agencies" are all arms of government such as the Civil Aviation Authority, Ofcom, the Environment Agency etc. The RSPCA, by contrast, uses its charity money to bring private prosecutions against those it deems guilty of cruelty to animals (so saving the police and other government agencies a lot of time and money, which probably explains the unique level of access they offer it).

The vehicle and firearms databases are separate systems that feed into the PNC. Licensing info for firearms and shotguns is held on the National Firearms Licensing Management System, or NFLMS. The British Association for Shooting and Conservation believes at least 10 police forces have ISAs with the RSPCA – but have not yet disclosed them.

Details held on the NFLMS include firearms owners' addresses, details of the firearms and ammunition they hold (including the precise purposes for which some firearms may be used – for example, hunting over a defined area of land, along with the landowner's details), and, in some cases details of security arrangements protecting the firearms from unauthorised access. The police generally discourage firearm owners from disclosing such details themselves, except on a need-to-know basis.

Under the ISAs the RSPCA promises to dispose of the information when it is no longer needed: "In most cases, it is expected that information shared with the RSPCA will therefore be destroyed within a maximum timeline [sic] of 6 years."

But there's simply no way of knowing whether this is true.

The police do not undertake audits of the data once it leaves their control, as recommended by Lord Leveson. The Home Office confirmed it was not aware (PDF) of the legal status of the arrangement. The Information Commissioner has not been challenged on the legal basis of the arrangement, either.

For its part, the RSPCA can legally tell members of the public who make FOI requests to get stuffed – as it's not a public authority under the terms of the Freedom of Information Act, like the police and the other non-police enforcement agencies. An individual suspecting that the RSPCA had files on him or her could make a subject access request under the Data Protection Act - but organisations are exempt from compliance with this process if data is held for the purpose of "the capture or prosecution of offenders". ACPO claims that the RSPCA only gets access to police data when it intends to prosecute someone, so this exemption would no doubt be generally claimed.

And since nobody is auditing the RSPCA's databases, and they're not subject to any legal disclosure routes, there's no telling what information they have and what they do with it.

Civil liberties campaign group Big Brother Watch plans to file a complaint with the ICO demanding it order third-party access to the police databases to cease, and requesting an investigation into the legal basis of the arrangements. ®

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.