Police checks on partners broke data laws
Police officers and staff in Wales have broken the Data Protection Act 62 times in the past two years.
Four people were sacked and 14 resigned as a result of the breaches.
They were caught carrying out the breaches for non-policing purposes, BBC Wales has discovered under the Freedom of Information Act.
They included checks on partners, relatives and associates, altering their own records, and passing data to third parties.
A spokesperson for the Information Commissioner's Office, which is responsible for the enforcement of the Data Protection Act 1998, said officers and civilian staff had access to "highly sensitive personal information".
"It is important that they do not abuse this access and only use the information for their policing duties," the spokesperson added.
"We expect police forces to make substantial proactive efforts to check that any access to their records is for legitimate police purposes and to take action where they discover wrongdoing.
"Public officials who abuse their positions can face serious consequences including criminal prosecution under the Data Protection Act."
Figures show South Wales Police recorded 28 incidents in 2011 and 2012 where an officer or member of staff has breached the Act.
Of the nine resignations, three were given a formal police caution for checking the database "pertaining to an associate, altering own record on police system and checking third parties on police system not for a policing purpose".
Another who resigned was convicted at court after researching and disclosing information to a third party.
The other five resigned after:
- checking incident involving relative
- checking incident involving former partner
- misusing access to system
- checking family members on database
- inappropriately accessing footage of incident.
In addition, one personnel member was dismissed after "checking partner and third party on system".
In a statement, the force said: "South Wales Police takes any breach of data protection extremely seriously.
"All employees are made aware of policies and procedures which are in place to govern the use of internal systems and in all cases where there have been breaches of data protection, action has been taken, including criminal prosecution where appropriate.
"Most of the cases identified have been as a result of robust action which has been taken proactively by the force.
"The vast majority of police staff respect and work within the data protection policies and procedures."
North Wales Police recorded 14 cases of unauthorised access to the police intelligence record along with nine cases of accidental disclosure of personal information, and one case of accidental disclosure of data.
As a result, two employees were sacked.
One person resigned after being prosecuted for unauthorised access and disclosure of police information.
In a statement, the force said it "takes very seriously the security and protection of its data and intelligence and all breaches of the Data Protection Act are investigated thoroughly where such breaches are alleged to have occurred.
"Audits are routinely conducted and any member of North Wales Police who is found to have breached data protection is disciplined.
"In the most serious cases, North Wales Police has prosecuted and will continue to prosecute such offences in the criminal court in addition to bringing internal misconduct proceedings."
There were a total of six breaches in Gwent Police in 2011 and 2012.
In 2011 a member of staff was dismissed while in a probationary period for misuse of the force systems.
An officer disclosed a photograph but resigned in relation to other matters while another officer was given a written warning after accessing police systems for a non policing purpose.
Last year, a member of staff resigned after receiving a caution after disclosure of information; a community support officer resigned after accessing police systems for a non-policing purpose, and a member of staff resigned after obtaining and disclosing personal data.
A force spokesman said: "Gwent Police makes every effort to ensure staff are aware of their responsibilities regarding data protection and our computerised systems have stringent checking facilities in place to ensure as much as possible that only appropriately risk assessed staff can view them. When there are breaches or potential breaches, they are investigated and dealt with appropriately.
"It should be emphasised that the vast majority of staff and officers adhere to policies relating to data protection and the force regularly reminds them of their responsibilities including the potential consequences if policies are breached."
Dyfed-Powys Police recorded three cases over the last two years and all three members of staff were given final warnings.
They came after an employee used police systems for personal use, while another checked the police database for personal gain and an officer breached confidentiality.
The force has also been asked to comment.
Dr Tim Brain, a former chief constable in Gloucestershire who is now a Cardiff University academic, said it was vital that data held by forces was used correctly.
"There are thousands of transaction every day and this represents a very small number where we have had problems," he said.
"There are mixed reasons why people look at them: Misplaced curiosity, doing a favour for a friend, or in the worst cases - and we have got no evidence of these cases falling into this category - selling information onto a third party.
"It's not just a breach of internal disciplinary procedures, which it certainly is, it's a breach of the law.
"It doesn't matter how serious or trivial they may seem - they are all breaches."