Credit: Bicanski/Pixnio

The Information Commissioner’s Office has said it will not proceed with a criminal prosecution against two people suspected of obtaining and disclosing CCTV footage from the Department of Health and Social Care that cost Matt Hancock his job as health secretary.

In a statement, the data watchdog said there was “insufficient evidence” to bring a case to court over the images of Hancock embracing aide-turned-lover Gina Coladangelo in a DHSC building last year.

Hancock resigned following a backlash from MPs who were angry at the health secretary breaching his own social distancing rules with Coladangelo, who was a non-executive director at the department, after the Sun published the images in June last year.

The following month, the ICO launched a criminal investigation after it received a report of a personal data breach from DHSC’s CCTV operator, EMCOR Group plc. It subsequently seized personal computer equipment and other electronic devices in raids on two properties described as being in “the south of England”.

Related content

• EXCL: Levelling Up department exposes personal data in breach
• Departments to undergo independent audits of cyber resilience
• Researchers detect ‘multiple spyware infections’ of Downing St and FCDO since 2020

The ICO has now said that while forensic analysis had revealed the leaked images of Hancock and Coladangelo were most likely obtained by someone recording the CCTV footage screens at DHSC with a mobile phone, its trail has gone cold.

“Six phones retrieved during the execution of search warrants did not contain the relevant CCTV footage,” the watchdog said in a statement. “After taking legal advice, the ICO concluded that there was insufficient evidence to charge anyone with criminal offences under the Data Protection Act 2018. The ICO has therefore closed its criminal investigation.”

In July last year ICO director of operations Steve Eckersley said it was “vital” that all people, including employees and visitors to public buildings, had trust and confidence in the protection of their personal data captured by CCTV.

"In these circumstances, the ICO aims to react swiftly and effectively to investigate where there is a risk that other people may have unlawfully obtained personal data,” he said.

EMCOR, which provides facilities management services and CCTV for the health department, had submitted a breach report as a processor of personal data, complaining that images were taken from the DHSC CCTV system without consent from either it or the department.