Probe into data breach at Britain's criminal records office

SENSITIVE conviction details have been sent out to the wrong people by Britain's criminal records office, The News can reveal.
By The Newsroom
Published 20th Sep 2018, 11:20 BST
Updated 20th Sep 2018, 12:23 BST
Hundreds of data breaches have been logged at Acro over the last three yearsHundreds of data breaches have been logged at Acro over the last three years
Hundreds of data breaches have been logged at Acro over the last three years

Hundreds of data breaches have been logged at Acro over the last three years.

Some of these relate to a police certificate with conviction data accidentally having a third party's information. Data has also been sent to the wrong police department.

Hide Ad
Hide Ad

And in one case, details of a criminal offence was added to the wrong person's record.

Hundreds of data breaches have been logged at Acro over the last three yearsHundreds of data breaches have been logged at Acro over the last three years
Hundreds of data breaches have been logged at Acro over the last three years

Now the Information Commissioner's Office is probing the Fareham-based organisation for a high risk breach.

Acro, which handles conviction data and intelligence between foreign countries and Britain, was referred to the ICO after an agency was not told when an incomplete entry on the police national computer was updated but a relevant agency was not told.

A freedom of information request by The News found there were 273 data breaches since 2015.

Hide Ad
Hide Ad

That included the accidental deletion of a criminal record, fingerprint records being linked to the wrong person and multiple International Child Protection Certificates sent to the wrong people. ICPCs are requested by foreign agencies to check a UK worker's record.

Supt James FultonSupt James Fulton
Supt James Fulton

On top of that there were 311 documents lost in the post. These were police certificates '“ containing criminal records '“ and details of information held by police about individuals, which are called subject access requests.

But Acro has insisted the breaches represent 0.0004 per cent of more than 1.44m data transactions since 2015.

Superintendent James Fulton, head of Acro, said: '˜Acro Criminal Records Office processes information in hundreds of thousands of records each year with the sole purpose of safer communities in the UK and across the world.

Hide Ad
Hide Ad

'˜The total number of data breaches represents 0.0004 per cent of the total transactions within the period. In the financial year to date, the vast majority of breaches have been graded as low risk.

Supt James Fulton from Acro Criminal Records OfficeSupt James Fulton from Acro Criminal Records Office
Supt James Fulton from Acro Criminal Records Office

'˜Low risk means that the breach has had minimal impact on any individual or community. These include, for example, incorrect information being sent to another agency within a restricted environment.

'˜Nonetheless, we appreciate that a data breach can have an adverse effect on a data subject's right to privacy, which is why we take our commitment towards responsible information management seriously. We ensure that we learn from any incidents.'

He said its 300 staff are trained with '˜comprehensive data breach training sessions'.