London borough fined £145k for sharing data on 200 suspected gang members

Written by Sam Trendall on 8 April 2019 in News

Newham Council worker sent email with info including names and address

Credit: Daniel Reinhardt/DPA/Press Association Images

The Information Commissioner’s Office has fined the London Borough of Newham £145,000 for disclosing personal data related to more than 200 alleged gang members.

The ICO noted that the data disclosed by the council subsequently found its way into the hands of rival gangs, and that some people whose information was leaked suffered violent attacks – although the regulator stressed that “it is not possible to say whether there was a causal connection between any individual incidents of violence and the data breach”.

The breach in question occurred in January 2017, when a member of staff at Newham Council emailed 44 people with both a redacted and unredacted version of the Gangs Matrix database that had earlier been supplied to the authority by London’s Metropolitan Police Service. Included in the unredacted version was personal information related to 203 alleged gang members – including names, addresses, dates of birth, gang affiliations, and history with weapons.

The email was sent to Newham’s youth offending team, as well as to various external agencies, including a voluntary agency that works with the council to tackle gang crime.

ICO investigators found that, later in 2017, rival gangs got hold of photos of the unredacted database shared by the council. These images were reportedly obtained via Snapchat.

The regulator added that, while it could not state with certainty there was a connection, the people whose data was leaked were among the victims of “a number of incidents of serious gang violence” in Newham during 2017. 

Newham Council also failed to report the incident to the ICO, and did not commence its own internal investigation until December 2017, which the regulator said was “a significant time after they became aware of the breach”.

“We recognise there is a national concern about violent gang crime and the importance of tackling it,” said deputy information commissioner James Dipple-Johnstone. “We also recognise the challenges of public authorities in doing this. Appropriate sharing of information has its part to play in this challenge but it must be done lawfully and safely."

“Our investigation concluded that it was unnecessary, unfair and excessive for Newham Council to have shared the unredacted database with a large number of people and organisations, when a redacted version was readily available. The risks associated with such a transfer of sensitive information should have been obvious.”

In response, the council said that no-one has yet established how the information - which it said was inadvertently shared by one of its employees - got into the public domain. It added that it has made changes to its processes for managing and processing personal data.

Mayor Rokhsana Fiaz said: "On behalf of Newham Council I accept the seriousness of the unredacted gangs matrix list being distributed on this single occasion in January 2017 and am sorry that it happened. While there were information sharing protocols in place at the time, clearly they could have been better. The Information Commissioner has recognised that the breach was not deliberate and we welcome that. Since becoming mayor in May last year I have been embedding an enhanced culture of safeguarding across the organisation and this includes the internal control of sensitive safeguarding data in line with ICO requirements and new data protection regimes."

About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

EXCL: Wall of silence surrounds plan for nationwide collection of citizens’ internet records
26 May 2022

Online notice reveals controversial trials are to be expanded into a national service – about which government, law enforcement, watchdogs and all the UK’s major ISPs declined to answer questions...

Government seeks ‘better outcomes’ by linking data on homelessness, crime and addiction
27 June 2022

MoJ-led series of pilot programmes aim to better connect information to improve outcomes for those with complex needs

‘Treated as suspects’ – ICO calls for end to excessive demands for personal data of rape victims
31 May 2022

Information commissioner tells forces to immediately stop gathering info in a manner he claims is putting a major dent in conviction rates

ICO hits facial recognition firm with £7.5m fine and order to delete all UK data
25 May 2022

Regulator finds that collection of online images was not fair, transparent or lawful