London borough fined £145k for sharing data on 200 suspected gang members

Written by Sam Trendall on 8 April 2019 in News

Newham Council worker sent email with info including names and address

Credit: Daniel Reinhardt/DPA/Press Association Images

The Information Commissioner’s Office has fined the London Borough of Newham £145,000 for disclosing personal data related to more than 200 alleged gang members.

The ICO noted that the data disclosed by the council subsequently found its way into the hands of rival gangs, and that some people whose information was leaked suffered violent attacks – although the regulator stressed that “it is not possible to say whether there was a causal connection between any individual incidents of violence and the data breach”.

The breach in question occurred in January 2017, when a member of staff at Newham Council emailed 44 people with both a redacted and unredacted version of the Gangs Matrix database that had earlier been supplied to the authority by London’s Metropolitan Police Service. Included in the unredacted version was personal information related to 203 alleged gang members – including names, addresses, dates of birth, gang affiliations, and history with weapons.

The email was sent to Newham’s youth offending team, as well as to various external agencies, including a voluntary agency that works with the council to tackle gang crime.

ICO investigators found that, later in 2017, rival gangs got hold of photos of the unredacted database shared by the council. These images were reportedly obtained via Snapchat.

The regulator added that, while it could not state with certainty there was a connection, the people whose data was leaked were among the victims of “a number of incidents of serious gang violence” in Newham during 2017. 

Newham Council also failed to report the incident to the ICO, and did not commence its own internal investigation until December 2017, which the regulator said was “a significant time after they became aware of the breach”.

“We recognise there is a national concern about violent gang crime and the importance of tackling it,” said deputy information commissioner James Dipple-Johnstone. “We also recognise the challenges of public authorities in doing this. Appropriate sharing of information has its part to play in this challenge but it must be done lawfully and safely."

“Our investigation concluded that it was unnecessary, unfair and excessive for Newham Council to have shared the unredacted database with a large number of people and organisations, when a redacted version was readily available. The risks associated with such a transfer of sensitive information should have been obvious.”

In response, the council said that no-one has yet established how the information - which it said was inadvertently shared by one of its employees - got into the public domain. It added that it has made changes to its processes for managing and processing personal data.

Mayor Rokhsana Fiaz said: "On behalf of Newham Council I accept the seriousness of the unredacted gangs matrix list being distributed on this single occasion in January 2017 and am sorry that it happened. While there were information sharing protocols in place at the time, clearly they could have been better. The Information Commissioner has recognised that the breach was not deliberate and we welcome that. Since becoming mayor in May last year I have been embedding an enhanced culture of safeguarding across the organisation and this includes the internal control of sensitive safeguarding data in line with ICO requirements and new data protection regimes."

About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

Vaccine passports pose discrimination and data protection risks, MPs find
17 June 2021

PACAC claims that government has not made a convincing case for introducing a certification scheme domestically

Online safety: How police, public sector and tech firms have reached a data-sharing stalemate
21 May 2021

With the Online Safety Bill now published, former police superintendent Iain Donnelly writes for PublicTechnology on the challenges that need to be overcome in order to ensure the law’s...

Related Sponsored Articles

Social justice: how the police can embrace online channels of citizen communication
17 June 2021

PublicTechnology talks to Salesforce about why police forces need to adopt new omnichannel capabilities, offer the public channel choice and the benefits of doing so

"The inflection point is here": how Covid is driving digital transformation in health
9 June 2021

It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation