An Information Commissioner’s Office (ICO) investigation into the actions of two former Metropolitan Police Service officers has concluded. The investigation followed a referral from the Met and looked at whether the two former officers had acted unlawfully by retaining or disclosing personal data. It came after they had spoken to the media about a case they had worked on as serving officers involving an MP.
Following a full investigation, the ICO has considered the evidence in this case carefully. After taking stock of advice from external legal counsel, the ICO has decided not to take formal regulatory action in this case.
The case was investigated under the previous legislation, the Data Protection Act 1998. The law has since been strengthened through the Data Protection Act 2018, of course, which adds a new element of knowingly or recklessly retaining personal data without the consent of the data controller.
The ICO is advising anyone dealing with the personal details of others in the course of their work – be it in a police force, an NHS trust or a private sector business – to take note of this update to the law, and especially so when employees are retiring or taking on a new job.
The ICO’s investigation highlighted some opportunities for police forces to review their handling of personal data such as notebooks to ensure people don’t retain them when leaving the service.
The National Police Chiefs’ Council will be taking this matter forward and providing further advice to forces.