Current timestamp: 08/12/2023 12:12:09
AgeAlertAnonymousAppealsApplicationsApply Or RegisterArea OutlineArrow DownArrow LeftArrow RightArrow UpAutomatic DoorsBack ArrowBusinessCalendarCashArrow DownArrow LeftArrow RightArrow Down[Missing text '/SvgIcons/Symbols/Titles/icon-chrome' for 'English (United Kingdom)']ClockCloseContactDirectionsDocumentDownloadDrawDrugExpandExternal LinkFacebookFb CommentFb LikeFiletype DefaultFiletype DocFiletype PdfFiletype PptFiletype XlsFinance[Missing text '/SvgIcons/Symbols/Titles/icon-firefox' for 'English (United Kingdom)']First AidFlickrFraudGive FeedbackGlobeGuide DogHealthHearing ImpairedInduction LoopInfoInstagramIntercom[Missing text '/SvgIcons/Symbols/Titles/icon-internet-explorer' for 'English (United Kingdom)']LaptopLiftLinkedinLocal ActivityLoudspeakerLow CounterMailMapMap PinMembershipMenuMenu 2[Missing text '/SvgIcons/Symbols/Titles/icon-microsoft-edge' for 'English (United Kingdom)']Missing PeopleMobility ImpairmentNationalityNorth PointerOne Mile RadiusOverviewPagesPaper PlaneParkingPdfPhonePinterestPlayPushchairRefreshReportRequestRestart[Missing text '/SvgIcons/Symbols/Titles/icon-rotate-clockwise' for 'English (United Kingdom)']Rss[Missing text '/SvgIcons/Symbols/Titles/icon-safari' for 'English (United Kingdom)']SearchShareSign LanguageSnapchatStart AgainStatsStats And Prevention AdviceStopSubscribeTargetTattosTell Us AboutTickTumblrTwenty Four HoursTwitterTwitter LikeTwitter ReplyTwitter RetweetUploadVisually ImpairedWhatsappWheelchairWheelchair AssistedWheelchair ParkingWheelchair RampWheelchair WcYoutubeZoom InZoom Out

Leave this site

Skip to main content

Skip to main navigation

Welcome

This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.

Search this website

W2013 Procedure – Appropriate Access and Use of Police Information

Number: W 2013
Date Published: 15 March 2022
Version 7 – March 2022

1.0 Summary of Changes

On its yearly review this procedure has been updated to reflect new author details.

2.0 What this Procedure is about

This procedure details the circumstances where an officer or member of police staff or any other approved person working for or on behalf of the police may lawfully access, attempt to access, or use police information held by Essex Police.

Non-compliance with the provisions of this procedure may result in disciplinary action which could lead to dismissal and criminal prosecution under the Data Protection Act 2018 (‘the Act’) or Misconduct in Public Office.

Compliance with this procedure and any governing policy is mandatory.

3.0 Detail the Procedure

3.1 Police Information and Users of Police Information

This procedure applies to every ‘user’ of police information. A ‘user’ means any police officer, police staff member, or other approved person working for, or on behalf of, Essex Police, and any other person granted access to the Essex Police IT infrastructure who have access to ‘police information’.

‘Police information’ includes any information that is:

  • Created;
  • Obtained;
  • Held;
  • Stored;
  • Disclosed/Shared; or
  • Used in any other way.

by Essex Police, its officers, police staff and others working on the force’s behalf.
Police information may be held digitally within the force’s IT infrastructure, including the intranet, email, applications and databases. It can also exist in hard copy, in forms, in correspondence, in photographs or other images, and in other documents.

The majority of police information is accessed using police computers or print outs and recordings from those computers, but it can also be accessed or used as words spoken during conversations and meetings.

3.2 Valid Policing Purposes

Users must only access, or attempt to gain access, or use, any item of police
information for a valid policing purpose where to do so is necessary or required by their official role, to achieve the police force’s operational or support purposes.

Valid policing purposes may be split into a) Operational Policing Purposes and b)
Support Purposes.

Operational Policing Purposes include the:

  • Prevention and detection of crime;
  • Apprehension and prosecution of offenders;
  • Protection of life and property;
  • Maintenance of law and order;
  • Rendering of assistance to the public in accordance with force policies and
    procedures;
  • Audit.

Some police information is used for the activities that are necessary for the Support Purposes which help maintain the Operational Policing Purposes mentioned previously. Those support purposes include the management of finance, staff training and administration, health and welfare management, property management, provision of legal services, management of the IT infrastructure, media, licensing and registration.

3.3 Determining if Access or Use is Appropriate

Generally access or use of a particular item of police information is appropriate when a user does so in order to:

  • Follow a published force procedure or policy;
  • Comply with an approved information sharing agreement;
  • Undertake a regular process that is part of their role.

However, where there is doubt, users may ask themselves questions to help them decide:

Question 1: Does my role require that I access or use the particular piece of police information in question in the way proposed?

  • If the answer is ‘No’ then access or use would not be appropriate;
  • If the answer is ‘Yes’ you should then ask a further question:

Question 2: Would my access or use be for the benefit or the purposes of Essex
Police?

  • If the answer is ‘No’ then the access or use would be inappropriate as the activity would be for your personal purposes or benefit;
  • If the answer is ‘Yes’ then you should ask a further question:

Question 3: Would the access or use be necessary for one of the valid policing
purposes? - either one of the Operational Policing Purposes, or the Support Purposes, as previously explained.

  • If the answer is ‘Yes’ then the access or use is likely to be appropriate;
  • If the answer is ‘No’ then the access or use is inappropriate.

3.4 Misuse

Access, attempted access, or use other than in accordance with the above will be
considered as misuse of police information.

Misuse of police information will occur where a user accesses, attempts to access, or uses any item of police information:

  • When the access or use is not for a valid policing purpose; or,
  • In a manner beyond that required by their official role to achieve the force’s
    operational and support purposes; or,
  • In contravention of published force policy, procedure or information sharing
    agreement or data processing contract; or,
  • Where the primary motivation is for user’s own or a third party’s personal
    purposes, benefit or curiosity.

The list above is not exhaustive.

Misuse will also occur where an individual (person 1) directs a user (person 2) to
access or use police information inappropriately on person 1’s behalf.

3.5 Access and Use of Police Information for Training Purposes

Databases, systems or applications installed for training purposes will only be used for that purpose.

Officers and staff must never use ‘live’ police information for training purposes except where that activity takes place within formal training sessions supervised by trainers, or in circumstances prescribed by the relevant information system owner (see W 1005 Procedure/SOP – Information Asset Owners for details of information asset owners and their ‘custodians’).

Access to police information for training purposes must be 'blind' to the identity of the individual to whom the information relates. In practical terms that would preclude access by a user to information relating to friends, acquaintances, neighbours, family members, work colleagues, famous people etc.

3.6 Access and Use of Police Information for Testing of the IT infrastructure

It is recognised that users within IT Services may, in specific circumstances, need to access and use police information when attempting to identify the cause of issues with the IT infrastructure or when testing the impact of changes made to that infrastructure.

This could involve running searches across a database in order to identify whether expected data is returned from those searches.

On such occasions a user’s default position should be to conduct such tests against test data rather than live data. If that is not feasible, the user may test against live data. However, due to integrity considerations access to, and use of, police information for testing purposes must be 'blind' to the identity of the individual to whom the information relates. In practical terms this means the user must not conduct a search where the search criteria used relate to themselves friends, acquaintances, neighbours, family members, work colleagues, famous people etc. or where it could be reasonably assumed the search was likely to return information relating to such people.

3.7 Users’ Access and Personal Relationships

It is recognised that on occasions a user, as part of their role, may be required to
access or use police information concerning people they know outside of the police environment, such as friends, acquaintances, neighbours, or family members.

Where this occurs the user must report the circumstances to their supervisor or line manager who will reallocate the task to another user unless such a course of action is considered impracticable.

3.8 Overheard Conversations

Users may overhear conversations or otherwise become aware of information not
considered relevant to their role. Where such instances occur users must always treat such information with the strictest confidence. This will include not disclosing the information further to any individual either inside or outside the organisation unless required to do as part of their official police role.

3.9 Reporting Suspected Misuse of Police Information

Any individual who witnesses, identifies or becomes aware of possible misuse use of police information should refer the matter to the Professional Standards Department.

They may choose to do this anonymously, using confidential reporting routes.

A failure to report misuse may, in itself, be regarded as a disciplinary matter.

3.10 Discipline

Dependent upon the circumstances misuse of police information may result in
disciplinary action and/or a criminal investigation.

Misuse of police information relating to individuals’ ‘personal data’ is likely to be an offence under the Data Protection Act 2018.

Section 170 of the Act criminalises the deliberate or reckless obtaining, disclosing, procuring disclosure to another and retention of personal data without the consent of the ‘controller’. It also makes it an offence to sell or offer to sell personal data that was obtained, disclosed or retained unlawfully.

Section 170 of the Act states:

(1) It is a criminal offence for a person user knowingly or recklessly -
(a) to obtain or disclose personal data without the consent of the controller,
(b) to procure the disclosure of personal data to another person without the
consent of the controller, or
(c) after obtaining personal data, to retain it without the consent of the person
who was the controller in relation to the personal data when it was obtained.
Section 170(4) of the Act states:

It is an offence for a person to sell personal data if the person obtained the data
in circumstances in which an offence under subsection (1) was committed.
Section 170(5) of the Act states:

It is an offence for a person to offer to sell personal data if the person —
(a) has obtained the data in circumstances in which an offence under
subsection (1) was committed, or
(b) subsequently obtains the data in such circumstances.

In the case of Essex Police the ‘controller’ is the Chief Constable. Their consent is
demonstrated via by force policy and procedure, approved working practices,
instructions and operational orders.

Section 170(2) and (3) of the Act provide defences for the Section 170(1) offence.

Misuse of police information may also be a Common Law offence of Misconduct in
Public Office. The punishment for this offence comes with a potentially unlimited
custodial sentence and unlimited fine.

Misuse of police information can also be a criminal offence under Sections 1 to 3 of the Computer Misuse Act 1990.

Even where a criminal prosecution is not pursued it is likely that misusers of police information will be liable to disciplinary action that could result in dismissal.

3.11 National Crime Recording Standard (NCRS)

Where the offence under investigation is a notifiable crime (e.g. Section 170, Data Protection Act 2018), then it must be recorded as a crime in line with the National Crime Recording Standard (NCRS) and the Home Office Counting Rules (HOCR).

3.12 Use of Officers’ and Police Staff Members’ Personal Mobile Phone

In June 2019 the Joint Negotiating and Consultative Committee (JNCC), a regular
corporate meeting where Chief Officers meet with representatives of The
Superintendents’ Association, the Police Federation and Unison, agreed the
circumstances were officers and police staff members could be contacted by the
Force using their personal mobile phones.

The JNCC agreed that those who take part in voluntary arrangements such as MAT, on call will normally be contacted through their work mobile phone or personal mobile phone if they have agreed to provide their number and allowed the force to contact them in this way; this will remain the case while the force explores an IT solution.

Individuals who need immediate or urgent court warnings/de-warnings will normally be contacted through force equipment but, where it is essential to do so, personal mobile phones may be used.

There may arise an accident or emergency situation whereby personal mobile phones may need to be used as the most immediate and effective way of trying to reach individuals or their families where there is an overriding necessity to do so.

However, the force also recognises that all contact must be legitimate and
proportionate so it would never endorse the use of personal mobile phones for the purposes of routine business such as duty planning, unless the individual had given consent for this to be so.

The force recognises that individuals supply it with information that must be treated with respect, guarded closely and only utilised in accordance with the law.

4.0 Equality Impact Assessment

  • EIA – March 2020.

5.0 Risk Assessment

Any failure by an individual to follow the provisions specified within this procedure may result in an increased risk of harm to the reputation of the organisation or to the individual subject of the police information that was unlawfully accessed or used.

Essex Police must ensure that any information held by it as a data controller is held in accordance with the Data Protection Act 2018. A failure to adhere to the provisions of that act may well result in irreparable damage to the reputation of the organisation including considerable financial loss resulting from litigation or enforcement action by the Commissioner arising from a failure to discharge its lawful responsibilities.

Inappropriate access or disclosure of police information to an individual outside the provisions of this procedure may expose that individual to an increased level of risk of harm. Any circumstances relating to the misuse of police information must be reported immediately to the Professional Standards Department who will complete a full assessment of the risk brought about by the unlawful access or disclosure relating to any individual subject of that information. The risk assessment will be regularly updated throughout the process of the investigation.

6.0 Consultation

The following have been consulted during the formulation of this document:

  • Unison
  • Federation
  • PSD
  • Information Management

7.0 Monitoring and Review

This procedure will be reviewed every year by the Head of Information Management.

Additional review may take place where the need is identified. The Information
Management Board will maintain oversight of this procedure.

8.0 Governing Force policy.

Related Force policies or related procedures

  • W 1000 Policy – Information Management
  • W 1001 Procedure/SOP – ICT Acceptable Use
  • W 1002 Procedure/SOP – User Account Management
  • W 1005 Procedure/SOP – Information Asset Owners
  • W 1011 Procedure/SOP – Data Protection
  • W 1012 Procedure – Records Review, Retention and Disposal
  • W 1014 Procedure – Information Sharing Agreements
  • W 2011 Procedure – Transaction Monitoring and Audit
  • W 2040 Procedure – Records Centre (Dunmow)

8.1 Data Security

Essex Police have measures in place to protect the security of your data in
accordance with our Information Management Policy – W 1000 Policy – Information Management.

8.2 Retention & Disposal of Records

Essex Police will hold data in accordance with our Records Review, Retention &
Disposal Policy – W 1012 Procedure/SOP - Records Review, Retention and Disposal.

We will only hold data for as long as necessary for the purposes for which we
collected. Victims/public should be reminded that Essex Police take the protection of personal data seriously as described in the privacy notice.

9.0 Other source documents, e.g. legislation, Authorised Professional Practice (APP), Force forms, partnership agreements (if applicable)

  • EIA – March 2020