Accidents
Interception of Communications
Summary:
Incorrect data was disclosed during an investigation into indecent images. A welfare check was delayed on a child believed to be in crisis.
Details:
In July 2015, it was reported that a public authority was undertaking an investigation into the uploading of indecent images of children and requested details of the account connected to the IP address used to upload the images. Issues with a new upgrade of the communication provider’s system resulted in incorrect data being disclosed. Investigations revealed that a further five requests had resulted in incorrect data being disclosed. Data was acquired in six cases that related to individuals unconnected with the investigations. In one of these cases a welfare check was delayed on a child believed to be in crisis.
Under the Regulation of Investigatory Powers Act 2000, Internet Service Providers and indeed other communication service providers (e.g. mobile phone network providers) are required to provide data to investigatory bodies such as the Police. This data can be used to support criminal investigation and prosecutions and in the protection of vulnerable children and adults. The data clearly has the potential to be safety related, but there is no obligation for data providers to treat it as such. In this case the data errors led to a child being exposed to additional risk of harm.
This incident highlights the importance of the integrity Data Property. It also shows the applicability of Data Safety Guidance to areas that are not traditionally encompassed by safety engineering.
Links
https://www.ipco.org.uk/docs/iocco/2015%20Half-yearly%20report%20(web%20version).pdf
(accessed 9 January 2019).