UK Liberty

This page has some real-life (as opposed to hypothetical) examples of abuses of our personal data.

This document is updated from time to time. It was most recently updated on 18 April 2008. The most recent updates are at the top.

The Sun reports that “A ruthless rapist found victims by getting a job as a care worker and trawling a council’s database for vulnerable young girls. Simeon Kellman, 43, used computer records to identify teenagers who had just come out of the foster care system.  Then he forced his way into their homes and attacked them. Kellman has just been jailed for eight years for the vicious rape of an 18-year-old, who was blindfolded and bound.” The Met police say “Further investigations revealed that Kellman had accessed information concerning the woman on the council database more than 30 times.”

The Times reports on a form of identity theft involving a phantom tenant taking out a mortgage on someone else’s property using information taken from the Land Registry’s website.

Zdnet reports that “An NHS trust is investigating how one of its hard drives containing confidential information was sold online. The Dudley Group of Hospitals NHS Trust is trying to find out how one of its computers full of confidential medical information was sold on eBay.”

Disposal of the trust’s computers is carried out under contract to Siemens Medical Solutions, as part of a PFI agreement. Computer Disposals has a subcontract with Siemens to dispose of obsolete IT. All hard drives that leave the trust via this route should undergo data wiping which meets the government’s standard of being overwritten three times.

The BBC reports that “Two former policemen have been jailed for hacking into computers while working as private detectives. Ex-Met officers Jeremy Young and Scott Gelsthorpe even tried to hack into the New York Stock Exchange. They received 27 months and two years respectively. Three former Staffordshire officers were jailed for unlawfully accessing the police national computer. ” The article does not make it wholly clear that some of them were serving officers when the offences were committed.
The BBC reports that “A police officer who sold secrets to a private investigator has been jailed at Southwark Crown Court for 15 months.”

The BBC reports that “The number plate system needs to be completely overhauled to beat a rise in “car cloning”, police have said. … Tony Bullock’s car was cloned even though his plates were not physically stolen, and he was threatened with prosecution after “his” car was repeatedly caught speeding in Leicester.”

He said: “It was horrendous. You are guilty until you can prove you’re not. It’s the first time that I’ve thought that English law is on its head.”

The BBC reports that “Members of an international gang who made £4.5m selling luxury cars stolen in violent attacks have been sentenced. … DVLA official … admitted corruption in a public office and was sentenced to 200 hours community service.”

The Register reports that “The Foreign and Commonwealth Office (FCO) has closed its online service for visa applicants from India while it investigates a security breach that made the personal details of visa applicants available online. … The security hole was originally reported to both VFS and the British High Commission more than a year ago but no action was taken. … VFS’s online service could apparently be subverted by making changes to its URL - doing so gave a browser access to the firm’s database of visa applicants, which stored passport numbers, names, addresses, and travel details. … VFS also processes online applications for UK visas from Nigeria and Russia. The FCO could not confirm whether the same problem occured in the systems operating in these countries as well, but did say that their sites had been closed down.”

“The Information Commissioner’s Office (ICO) is conducting an audit of Halifax Bank of Scotland’s (HBOS) data security procedures after it was revealed that the bank was putting customers’ financial documents in ordinary bins. The act, uncovered by the BBC’s Watchdog programme, is in breach of an undertaking to the ICO signed by HBOS earlier this year after it was found throwing out documents containing customer details.” reports The Register.

“Some 130 medical staff have signed a letter calling for a police probe into internet security breaches concerning junior doctors’ personal details.” - the Guardian

“Sensitive case notes on vulnerable children in Essex have been found on a computer sold on eBay’s auction site. Reports and details about fostering and adoption were found among 1,000 files on a £1.70 computer previously owned by Southend Borough Council.” The unsuspecting buyer is quoted as saying, “It was a sort of snap shot of documents from meetings to decide whether or not a child would go to a special school, details of whether they’d been physically or sexually abused.” - the BBC

“A private investigator used by companies chasing vehicle hire purchase and bank debtors was convicted at Kingston magistrates court in south-west London. Nicholas Munroe, 32, of west London, conned civil servants into giving home addresses of more than 250 people over the phone. He was convicted of 44 offences of stealing and selling private data in a prosecution brought by Richard Thomas, the information commissioner, and fined £3,200 plus £5,000 costs. [annual turnover of £100,000! - ukliberty]” - the Guardian.

The DVLA sold on data without consent to convicted criminals.

A DVLA employee sold data to animal rights extremists.

‘Security at the British Home Office’s Identity and Passport Service (IPS) database has been compromised four times, with individuals’ data used inappropriately by Home Office employees and contractors. A fifth breach has hit a Prison Service database.’

‘Certified private sector agents of the CRB database had routinely abused their power, the National Association for the Care and Resettlement of Offenders (Nacro) reported in January, after receiving 15,000 complaints from ex-offenders in the recent year.’

‘Failing to collect, retain and pass on material to others to protect children and other vulnerable people is a misconduct issue as much as the misuse of PNC data which has been a consistent problem during the last 20 years - and still poses a challenge today for the new IPCC. The types of cases in which abuse occur include using the PNC to gain evidence for civil proceedings, to find evidence about a partner’s estranged husband, or to check out a daughter’s latest boyfriend. There is also the perennial problem of data being sold to private detectives.’

‘A police officer has been jailed for two-and-a-half years for accepting money to pass on information to a Saudi Arabian intelligence officer. ‘

‘Staff at the Inland Revenue are breaching the Data Protection Act by gaining unauthorised access to the computer records of taxpayers, including celebrities, and in some cases selling information ‘ according to Computer Weekly.

‘The Inland Revenue has reprimanded, fined or sacked 765 of its own staff in the past three years for violating the Data Protection Act or misuse of computers. The offences, which include selling celebrities’ tax records to newspapers and visiting “illegal” pornographic websites, have come to light after an investigation by Tax Relief, a campaign group set up to highlight disputes between the taxman and members of the public.’ - The Telegraph.

‘A major security alert began at an east London police station when two workers used its criminal database to check up on their boyfriends, a court heard.’

‘Jack and Zena ended up in Grimsby, where someone at the DSS leaked their whereabouts; three men turned up at the office claiming to be Zena’s brothers and demanding to know her address.’

‘Two private investigators, John Boyall and Stephen Whittamore, civilian police worker Paul Marshall, and retired police officer Alan King, were involved in a conspiracy to sell details relating to actor Ricky Tomlinson, London Mayor Ken Livingstone and EastEnders actress Jessie Wallace. According to reports, on 19 occasions, Marshall, who worked at Wandsworth Police Station, carried out unauthorised Police National Computer searches and passed the information on through intermediaries King and sometimes Boyall, to Whittamore, who peddled the data to the newspapers.’

‘Investigations by [ICO] staff and police had uncovered “evidence of a pervasive and widespread ‘industry’ devoted to the illegal buying and selling of [personal] information”‘ (see also What Price Privacy?, the BBC, and SpyBlog).

Helen Wilkinson “discovered that the University College London Hospitals trust had sent computer records of every hospital medical treatment that she had ever received to a private company, McKesson, which holds a mass of NHS records. Those records are then passed on, as Helen’s were, to computer systems used by the NHS. Helen’s records thus became available to several NHS bodies, such as the Thames Valley strategic health authority, Wycombe primary care trust and so on. Helen asked to see her records under the Data Protection Act 1998, as she is fully entitled to do, and she discovered when she examined them that there was a serious mistake in them. She was effectively and, I repeat, mistakenly, registered as an alcoholic. Helen resolved, given her anger about the mistake, her concern about the many people who have access to even the correct parts of her record, and her anxiety about the even larger number who might well have access to it as the NHS computerisation programme proceeds, that she wanted her records removed from NHS systems altogether.”

High street banks are throwing customer information into bins outside their premises in breach of the Data Protection Act, according to privacy watchdog the Information Commissioner.

Zdnet reported in 2006 that “Computer security breaches at a number of central government departments in the last year have led to confidential database records being compromised.” The Parliamentary written answers referred to in the article can be read using TheyWorkForYou.

The BBC reported in 2006 that “Some 2,700 people have been wrongly labelled as criminals by the Criminal Records Bureau (CRB). The mistakes have led to some people being turned down for jobs.”

The BBC reported in 2006 that “Two council CCTV camera operators have been jailed [for four and two months respectively - ukliberty] for spying on a naked woman in her own home.” The Judge said, “You only have to read the impact statements of the lady to realise the harrowing effect that this had on her. Her life has almost been ruined, her self-confidence entirely destroyed by the thought that prying male eyes have entered her flat.”

‘The Home Office has been forced to apologise to 10 men placed under controversial anti-terrorist control orders after it linked them to the ricin plot in London, the Guardian has discovered. In an embarrassing letter to the men, the government claims that it made a “clerical error” when it said the grounds for emergency restriction imposed on each of the alleged international terrorists was that they “belonged to and have provided support for a network of north African extremists directly involved in terrorist planning in the UK, including the use of toxic chemicals”.’

‘The Department for Constitutional Affairs (DCA), the Crown Prosecution Service (CPS) and the Courts Service have never fully checked their compliance with the Data Protection Act – despite the legislation being in place for more than six years. According to documents obtained by the Law Gazette under the Freedom of Information Act, neither the DCA, the CPS nor the Courts Service has ever done a full audit as to whether they correct or maintain personal information in accordance with the law.’

The case of Shirley McKie, who “was accused of leaving her fingerprint at a crime scene and lying about it. This all happened in the line of duty when she was part of a police team investigating the vicious murder of Marion Ross in Kilmarnock, Scotland. Shirley testified as a crown witness at the trial of David Asbury accused of the murder. Asked about the crime scene she stated that she had not been in the murder victim’s house even although 4 experts from the Scottish Criminal Records Office (SCRO) had identified a ‘thumbprint’ from the house as hers. … All experts from abroad who testified in court and others later invited by the Scottish investigating authorities to study the print [171 - ukliberty] have clearly stated, and demonstrated, that the latent from the crime scene definitely did not come from Shirley McKie. … the experts and their supervisors, including Police and Crown Office, continued to maintain that they were right in their identification and that it was merely ‘a matter of opinion..’”