London Borough of Newham fined £145,000 over gang members' data leak

Incidents of gang violence, including murder, increased in the aftermath of the Newham Council data breach

The Information Commissioner's Office (ICO) has imposed a fine of £145,000 on the London Borough of Newham for a data breach that led to the disclosure of the personal details of 203 'gang members' featured on a police database.

The database, called 'Gangs Matrix', was maintained by the police to record information about actual and suspected gang members in London.

The database also ensures that intelligence about gang members is appropriately shared with relevant bodies to help them tackle gang activity in their areas.

Information about gang members was leaked in January 2017 after a Newham council worker emailed the redacted as well as unredacted copies of the Gangs Matrix to 44 recipients

In its investigation, the ICO found that the information about gang members was leaked in January 2017 after a Newham council worker emailed the redacted as well as unredacted copies of the Gangs Matrix to 44 recipients, including the council's Youth Offending Team and a voluntary agency. All these agencies cooperate with each other in an effort to check gang violence in the area.

What is worse, is that the Council only found out about the leak in December 2017 and initially considered it an internal matter - failing to notify the ICO, as required by law.

The data was originally sent to the council by the Metropolitan Police Service. The details that were leaked as a result of the data breach included addresses, dates of birth, associated gangs, and information on whether the individuals were prolific offenders (carrying firearms) or just carried knives habitually.

In its investigation, ICO found that due to the negligence of the council staff, the leaked information eventually reached the social media network Snapchat before finding its way into the hands of rival criminal gangs.

Victims included individuals whose information was leaked through the shared Gangs Matrix

In 2017, a surge in gang violence, including murder, occurred in the Borough of Newham, with victims including individuals whose information was leaked through the shared Gangs Matrix.

According to the ICO, it was "not possible to say" whether the attacks happened as a result of the breach, but it highlighted that such leaks of personal data can cause "significant harm and distress" to many people.

The ICO also found that the council had no guidelines or policy in place for its staff regarding how to securely use and handle the Gangs Matrix database.

The council had no guidelines or policy... regarding how to securely use and handle the Gangs Matrix database

"This is a reminder for organisations handling and sharing sensitive information to make sure they have suitable processes, training and governance in place to ensure they meet their accountability obligations," said James Dipple-Johnstone, deputy commissioner of the ICO.

"Ultimately, personal information must be processed lawfully, fairly, proportionately and securely, so the community can have confidence that their information is being used in an appropriate way," he added.

The IT Leaders' Summit is back - coming to London on 23 April.

This year, it will focus on 'Driving the Digital Roadmap for the Enterprise'. Speakers include Shivvy Jervis, The Trainline's Mark Holt, NatWest's Tom Castle McCann's Matt Groshong and a special keynote from a high-profile tech leader and visionary. For more details - and to reserve your place - check out the dedicated website. Places are FREE to qualifying CIOs, IT leaders and senior IT pros, but are going fast!