Met Police gang database in ‘serious’ breach of data-protection laws, ICO finds

Written by Sam Trendall on 16 November 2018 in News

After being hit with enforcement notice, the London force is working with the regulator to improve its practices

A database of information on gang activity maintained by London’s Metropolitan Police Service (MPS) “led to multiple and serious breaches of data protection laws”, an investigation by the Information Commissioner’s Office has found.

The Gangs Matrix holds data on people suspected of being gang members. An ICO probe found that, while there is “a valid purpose for the database, the inconsistent way it was being used did not comply with data-protection rules”.

Breaches included keeping a data subject’s details “on an informal list of gang associates” even after they had been removed from the matrix. These lists were stored “on the relevant officer’s personal system drive”, the ICO said. Other formerly suspected gang members who had now been assessed as having “a risk score of zero” were not removed from the database at all. 

“As a result, data subjects are never truly removed from the Gangs Matrix,” the ICO enforcement notice said. “Their personal data continues to be processed as though they remained connected with gangs. Their personal data and supposed association is shared with third parties and subject to the general policy of the MPS to encourage enforcement against them.”

Related content

The Met’s data-sharing activities saw full, unredacted personal data contained in Gangs Matrix records provided to “a range of public authority and private body third parties with both statutory and non-statutory functions”, according to the ICO.

The MPS has been cooperating with the regulator and has already “stopped sharing personal data on the Gangs Matrix with third parties where there is no individual sharing agreement in place”. The force is now working with the ICO to undertake a data protection impact assessment.

Deputy information commissioner of operations James Dipple-Johnstone said: “I am pleased that the MPS has been cooperating with us and has committed to bringing the Gangs Matrix in line with data-protection laws, and we will continue to work with them. I believe that by taking these steps and demonstrating that people’s data rights matter to them, the MPS will be able to build increased trust amongst their communities.”

The concept of the matrix – which is characterised as “the bedrock” of the Met’s anti-gang strategy – is laid out in the force-wide Gangs Operating Model policy. But each of London’s 32 individual boroughs is responsible for maintaining their own localised database. This data is then collated into a citywide database.

The ICO’s investigation was launched a little over a year after human rights organisation Amnesty International raised concerns about the Gangs Matrix.

Deputy assistant commissioner of Met Operations Duncan Ball said: "The Gangs Matrix is an intelligence tool that the Met uses to reduce the impact of gang violence on the communities of London. It is designed to assist us in effectively targeting violent offenders and prevent victimisation of those affected by serious crime. We will continue to use the Gangs Matrix in our work to bring safety to communities.

He added: "We welcome the independent scrutiny of the Information Commissioner's Office and accept the Enforcement Notice issued against the Met for Data Protection Act breaches with regard to the Gangs Matrix. We have already started work to ensure that we improve our data handling and information sharing with partners, who are also involved in community safety work. As well as addressing the concerns within the ICO report, we are also taking forward additional work including the introduction of a public-facing website to explain the legal framework for the previous Gangs Matrix and further information to improve public confidence and transparency. We have a constructive relationship with the ICO and will continue to work with them as we go forward."

About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

What sensitive data did the Home Office lose in Belgrade?
29 September 2020

Department’s annual report shows, for the first time in many years, documents or data lost from a secure government building had to be reported to the ICO. PublicTechnology finds out more...

Personal data of all Welsh coronavirus cases compromised in breach
15 September 2020

Public Health Wales says leak that affected more than 18,000 people to have tested positive was attributable to ‘human error’

UK pins 'cynical and reckless' Olympic cyberattacks on Russia
20 October 2020

Government attributes 2018 campaign to Moscow and claims more assaults were planned for cancelled 2020 summer games

British Airways data-breach fine cut from £183m to £20m after ICO considers coronavirus impact
16 October 2020

Airline slapped with record penalty by ICO – albeit one that is grossly reduced on the regulator’s original intention

Related Sponsored Articles

Workspace, Not Workplace: How Agile Working Increases Productivity whilst Driving Engagement and Fostering Inclusivity
12 October 2020

2020 has been a year of unprecedented change for the UK public sector. Today’s agile working technology enables you to meet citizen needs in this challenging operating environment by empower your...

Why it is time to change our approach to cybersecurity
29 September 2020

Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security, according to experts from...

Intelligent Spend Management in the Public Sector
24 September 2020

SAP Concur says it's time for the public sector to embrace more efficient invoice management technology

Digital inclusion is vital during the COVID-19 accelerated channel shift
22 September 2020

Accessibility requirements aren’t restrictions that need to be overcome - they’re guidelines to improve online experiences for everyone, says Jadu VP Richard Friend