A probation officer who disclosed a domestic abuse victim’s new address to her alleged abuser has been fined £150 and order to pay court costs after being prosecuted and given what has been described by Information Commissioner Christopher Graham as "a relatively minor penalty". Data privacy watchdogs at the Information …
"Unlawfully obtaining or accessing personal data is a criminal offence, under the aforementioned Section 55 of the Data Protection Act 1998. The offence is punishable by a fine of up to £5,000 in a magistrates' court or an unlimited fine in a Crown court."
Maybe they should start looking at the ACPO then as well.......
1. Fine of £150.
2. Law allows fine of £5,000.
3. Information Commissioner calls for tougher law.
I don't get it. Why isn't the IC calling for the to-the-hilt enforcement of the EXISTING law?
The chances are, as the person was sacked, the judges may think they have already been punished in another, harsher way.
A) They were fired because they weren't competent in their job, not as punishment. This incident merely brought the incompetence to light.
B) Such externalities shouldn't be considered in sentencing At all.
C) Even if the judge did consider it, not harsh enough. In this case, the maximum isn't harsh enough anyway.
"B) Such externalities shouldn't be considered in sentencing At all."
Of course they should, it's why judges dish out sentences for serious crimes as opposed to a sentencing guideline spreadsheet.
In this case, the impact of the offence and the gross injustice it caused seem not to have been taken into account. We should be asking why.
Are the judge's remarks available?
The victim could have been killed or seriously injured by their violent partner. Remember most murders in the UK are a spouse on both ends of a kitchen knife.
Even the maximum penalty does not reflect the actually and potential harm the probation officer caused.
re:just_this_guy@14:23 - misleading article.
I think you've been mislead by the reporting, the law does not allow a fine of £5000 for her.
The section of the act as quoted would apply to the suspect in this case, he illegally obtained private information.
The social worker in this case illegally disclosed it, which was not the offence that was quoted in the article, that was "illegally accessing or obtaining", she did neither of those things.
The police should go after the leaker for wasting police time (the abandoned investigation) and interfering with a police investigation.
the victim should probably go after them also in a civil court case
How long until the follow up news story? You know, the one where the abuse victim's body is found?
Obviously this story is missing a few details. Why would the probation officer want to make sure there wasn't an issue with mistaken identity? Did she hand over an address and say "do not go near here?"
Either way, I hope the perp doesn't do anything stupid.
There isn't a perp - charges were dropped.
Erm, no. She had been rehoused, moved to a different location because of the abuse. To say that there was no perpetrator of the abuse is stupid.
The victim was living in fear. Hardly a week goes by without a victim of Domestic Violence winding up dead. Most of them were already known to the police. Most of the perpetrators already had restraining Orders against them.
Most victims of domestic violence are so afraid of their abusers that they don't report the crimes.
I agree with the OP, the follow up story will probably be that her body has been found...
The woman who gave out the details should then be charged with being an accessory to murder.
Re: No perp???
"Most victims of domestic violence are so afraid of their abusers that they don't report the crimes."
And when they do they tend to find the police brush them off until something seriously nasty happens
Especially if the victim is male (Been there done that.)
(Contrary to popular belief abuse runs about 55:45 female/male perps with much of the abuse directed against children (who have virtually no protection unless the abuse gets extreme) and men who won't fight back or report it because they've been trained from childhood not to hit girls - if they do defend themselves men tend to find the abuser crying to all and sundry that he's beating her - a nice bit of double jeopardy.)
Re: No perp???
"a nice bit of double jeopardy"
That is not what double jeopardy is.
Re: No perp???
"Hardly a week goes by without a victim of Domestic Violence winding up dead. Most of them were already known to the police. Most of the perpetrators already had restraining Orders against them."
Do you have any evidence to back that up or are you just regurgitating the myths spewed out by wimmins aid and the like?
Domestic violence is a serious crime but de valuing it with made up stats and other bollocks does nothing to help the true victims.
Re: No perp???
Actually, yes. My mother-in-law works with the victims of domestic violence, so I have seen the stats, and they are even worse than 1 per week. It just doesn't get reported unless there is a 'police knew but did nothing' angle for the press.
So get off the 'wimmins aid are bollocks' high horse and actually do some research.
Brainless fecking idiot
There isn't a perp only if you insist that there has to be an active investigation. Since an agent of the government destroyed the victim's faith in the police and being protected from her abuser and therefore charges were dropped, doesn't mean there wasn't a perpetrator of a crime, just not one that was going to get convicted due.
Re: No perp??? @andyC
More than 1 per week, thats in excess of 52 murders per year of women as a result of domestic violence.
The ONS publish very comprehensive statistics on cause of death and in particular causes of death following police contact. Of the 21 deaths recorded in these stats 9 where classified as "domestic"
Do you have any published stats to counter the argument?
Unlawfully accessing personal data..." As it reads either this story is total b*ll*cks (because it misses out key details) or the rent a quote lawyer doesn't understand what unlawful accessing means!
She was a probation officer, possibly looking after the case mentioned and thus one assumes had a lawful reason to access that database for carrying out her job. As I read it even if she was not supposed to access those details on that database, she did not access those details in a personal capacity (helping out a mate, being curious etc) nor did she give her login details to an unauthorised user to access the details thus she was guilty of gross misconduct and being a complete idiot rather than committing unlawful access. She made a serious error in judgement and was sacked for it. Unless the story is missing something, she did not hack the database to access details she was not allowed to see which is closer to what I consider 'unlawful access'.
She was guilty of not protecting someone else's data to which she was responsible for protecting and I suspect that is what the fine was about. But then this term includes muppets leaving documents on trains or thowing them into bins etc and hence is not as harshly punished as unlawful access. If you want to punish someone for stupidly handing over data to the wrong person then put them in an appropriate category rather than trying to make the unlawful access charge stick which is something completely different.
Went and checked the relevant DPA bit quoted (Section 55). Subsection 1 clearly states accessing when you are not meant to while subsection 2 clearly states disclosure is justified where the individual is doing so as part of their job, to assist detection of crime and court proceedings or has a reasonable expectation that the data controller would approve the disclosure.
It is very hard to pin a criminal prosecution on someone for being stupid as opposed to wilfully malignant!
Re: "It is very hard to pin a criminal prosecution on someone for being stupid"
It's also bad policy. If people doing a particular job risk get prosecuted for mistakes then fewer people want to do the job and you end up being forced to employ from the dwindling pool of applicants even less competent people who then make even more mistakes until eventually the only people you can employ are homeless people who actually want to go to prison. At this point you won't be providing a very good service.
Not long I suspect until
We see a similar thing with an RSPCA official.
Re: Not long I suspect until
We only find out about the cases they choose to prosecute, most will be covered up.
Why she disclosed the information
From other media reports it seems she passed the information to someone she thought was the abuser's brother.
It appears she was led to believe the abuser already knew the woman's address and that she was helping the alleged brother in protecting the woman from the abuser by telling the brother where she was. Perhaps believing the brother would be going to the house to prevent the abuser attacking her again. It looks like a case of social engineering to me; give me her address now, I need to prevent a serious crime! Quick, or you'll have blood on your hands!!!
I have some sympathy in that she thought she was doing the right thing, even though she was not. The rather low penalty seems to suggest the court punished her for the data breach but acknowledged the lack of intent to cause harm.
The worst bit...
...is that this fine is probably more damaging to that woman and her finances than a lot of the so-called large fines slapped on companies (or premiership footballers) when they do something vile.
Re: The worst bit...
not to mention the fines slapped on councils / govt departments where the staff responsible don't actually pay the fines themselves the way they would required to under any even remotely sane system
However, she knowingly shared confidential information, and in doing so put someone at risk of physical harm, even if inadvertently. A small fine is not enough; being dismissed for not doing her job is not enough (that should have been automatic anyway). Scottish law provides for "reckless endangerment", but English law does not, so that is not an option at present. It is however pathetic that this is not reflected in her record and she is not forced to disclose it on every single job application ever that has anything to do with handling sensitive information.
"Unlawfully accessing personal data"
Sounds like a slap on the wrist - it's probably appropriate. Next up is the GOV! Oh no...
The ICO miss the point again
""This is not just a criminal breach of the Data Protection Act, but it also led to a police investigation of alleged domestic abuse being dropped,"
A failed police prosecution is not the reason the DPA needs to be updated, the point is that sensitive personal data was leaked that could have led to somebody being physically harmed or killed.
In my personal opinion, the victim would have a good case against the probation service for the mental harm the disclosure did actual cause, and if the local council had to re-house the victim, then they should be sending the bill to the probation service (again a good argument for a civil case), rather than expecting the council tax payer to pick up the bill to make somebody safe.
From the ICO website:
“Ms ***** escaped with only a relatively minor penalty and no criminal record. The government must act now to introduce tougher penalties for individuals who illegally access and disclose personal information.
“This is not just a criminal breach of the Data Protection Act, but it also led to a police investigation of alleged domestic abuse being dropped.”
So was she charged with a criminal offence of not? The ICO brought the prosecution, at the least they should have done a better job of presenting the case.
The day public officials get appropriately punished for mistakes they make in their job is the day judges and ministers fear for their future.
It's not going to happen.
It's a pity that the victim's faith in the system couldn't have been restored. As the alleged abuser knew he wasn't entitled to the information, unlike the person who mistakenly disclosed it, he should have been subject to much more severe penalties - basically, it wouldn't even be necessary to prove the abuse to lock him up for the rest of his life.
Nonsense - deliberately breaching the DPA (by the alledged abuser) is not sufficient reason to lock him up for life. The maximum penalty, as the article tells you is a £5k fine from a magistrate or an unlimited fine from a higher court.
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Feature Be your own Big Brother: Monitoring your manor, the easy way
- Boffins say they've got Lithium batteries the wrong way around
- In a spin: Samsung accuses LG exec of washing machine SABOTAGE
- Phones 4u slips into administration after EE cuts ties with Brit mobe retailer