The Information Commissioner’s Office and the Metropolitan Police are not overly fussed about the safeguarding of individual data.
A friend of ours had their phone stolen recently. Last month she was contacted by police who had found it on someone they had arrested for a different offence. The phone was released back to our source – however, on collection, our source found all the data kept by the person who had the phone was still intact.
We were able to see photographs, numbers dialled as well as an email address, an active iTunes account and Facebook login details, all of which were left on the phone – and our source was free to do whatever she wanted to with the data. Luckily for the bloke in question, what she wanted to do with it was absolutely nothing.
It doesn’t seem as though the ICO was too bothered. When we contacted them with our original query last week we were asked:
“Let me get this straight, you’re worried about the rights of criminals?”
We pointed out that as the person in question had not been charged, he may have innocently bought the phone. And while he may or may not have been involved in the theft, we also said that although the ICO branded him a criminal, he still officially had the same rights as the rest of us.
We were later told: “This is not really something we would usually comment on as in this case the police weren’t the data controllers.”
This is a public body that is in charge of many records. Because this case only relates to an individual with a private phone there is no data controller.
“In terms of good practice the police should have deleted the data,” she added.
We also contacted the Met, however, it was happy to shrug off the case, telling us there’s no standard for data. “It’s down to each individual station,” a spokesperson told us.