I thought this was SOP for police, fire service, ambulance, council etc etc
He must have forgotten to make the standard anonymous call linking the target to something he could have a legitimate interest in. Silly boy...
A police officer who quit while under investigation for computer misuse crimes has walked free from court after pleading guilty to a total of nine offences. Michael Westbury, 55, of Aberystwyth, Wales, confessed to seven charges under the Computer Misuse Act and two under the Data Protection Act at Aberystwyth Magistrates' …
Better add in doctors to that list. In NZ a local ‘sleb went to the hospital having inserted an item into a lower orifice. Images were taken. Medics in several places unconnected to the case accessed the pictures and were duly caught and disciplined. Pour encourage les autres of course.
This post has been deleted by its author
I'd normally see this as a simple sacking offence, but given it's police records prosecution doesn't feel excessive. The sentence is not unduly punitive either, with the real punishments being the loss of job and the challenges posed by a criminal record.
In a way it's nice to see but I'd be less comfortable if a one-off access of private data led to a prosecution for people working in the private sector.
I don't quite agree. The police (and others) are acquiring more and more data, refusing to delete most of it, applying new and very intrusive technologies and procedures. And all the time they are saying "don't worry - only criminals need to worry".
Abuse of police data is much more serious than unauthorised access to any computer system containing commercial data, even if it is personal data. I would have expected to see some charges of "abuse of a public office" nature, not just computer misuse.
Of course, we don't know the details which went into the judge's sentencing, but I am disappointed that any abuse of police data can result in a non-custodial sentence. That should be top of mind for users whenever they access data on those systems.
"...I am disappointed that any abuse of police data can result in a non-custodial sentence."
If the information towards the end of the article accurately reflects the situation in 2020 then the overwhelming majority of instances of abuse of police data result in no action at all. The other article referred to was a conviction from a year ago.
Which raises another question: what was different about this case, that it went to trial? Was it simply that this was the only case which happened within the Dyfed-Powys force? That seems unlikely if this happened nearly 800 times across the UK in 2017 (from the penultimate paragraph).
I'd normally see this as a simple sacking offence, but given it's police records prosecution doesn't feel excessive. The sentence is not unduly punitive either, with the real punishments being the loss of job and the challenges posed by a criminal record.
As you say, it's not a million miles off. But for such an egregious breach of trust, it should be sacking and a life ban from any public sector job (which the criminal record may achieve, but I suspect doesn't entirely).
Given the number of annual offences and the light-touch response most of these cases get, there really does need to be a shift in emphasis. Police recruits should be read a DPA Riot Act - "You have very privileged access to very sensitive data. Mess with it and we will not only sack you, but you'll never work for any public sector agency or authority again, and their suppliers won't touch you either. You will go on a very serious black list after we're done working you over. Consider your life choices very bloody carefully.".
This should be read to them on day one, when they do their PNC training, and the day they pass out.
I have a colleague who worked for a company doing financial fraud-screening software and data management. He was left in no uncertain terms that if he ever nosed through the data for non-work purposes he would never work in the financial sector again, not even as a greeter in a retail bank. He described that place as more paranoid than <Govt Agency> he had also worked at. The Police should be more paranoid than the financial sector. Breaching trust as a Police Officer should more or less ruin your life.
My nephew did the same thing. He got stabbed in his stomach and then sacked. I've been on the pointy end of police abuse of their databases. Not a bleeding edge end, but nasty. I agree fully with all the previous comments. This is a nice, reassuringly rational forum.
Now that everyone knows police systems can snoop on individuals of interest is an entertaining admission. There'll be many wanting access to the records discovered stored in files harboured there, displaying and outlining operations, abilities and capabilities.
You think it would be proportional, after 24 years on the force.... 24 years, to completely remove his financial security because he committed a non violent crime and admitted to all charges?
If that is what you were implying, I hope you're not in a position of authority.
Now, if he was using his access to arrange burglaries of high value victims, or otherwise seeking to profit financially from his privilege then I might be more inclined to agree that a financial penalty was appropriate
What he did was absolute premeditated abuse. Any cop who does something like that should be hung up to dry, ridiculed, pilloried and never be allowed to forget it.
If we can't rely on their sense of decency and propriety not to do the wrong thing then fear of being caught and punishment it has to be. Anyone who shows such basic lack of impulse control is not suited to be in a position of power over other people.
Why?
If you were sacked from your job, would you expect to lose your pension?
He has lost his job, will have to declare the offence for job applications for a few years (and for insurance policies, loans etc). He will be barred from many jobs ex-coppers go for.
The sentence and collateral effects seem about right.
I once advised another 'law and order' organisation in the UK about information security. Addressing senior managers at one establishment, I opined that it was commonly believed that the most frequent misuse of the PNC was 'looking up the daughter's new boyfriend', and that it was likely that was the most common misuse of this organisations extensive files. The whole room went eerily quiet. I carried on with my presentation and didn't say a word (until now).
AC, for the obvious reasons.
The police have an obligation not to do these things - the punishment in this case should be the same as what a civilian who hacked into the system and did the same would face. 20 years? 30? A civilian certainly would not get mere community service. This is an outrage. Government employees and police should be faced with MUCH more severe penalties rather than the obligatory scot-free package. In the first place, part of the supposed qualification involves specifically knowing these things must not be done.
This is in the UK not the US. I'm not aware of any cases where "civilians" (which I interpret as meaning people who are not police officers. It would also exclude terrorists.) got 20-30 years for hacking offences. Perhaps you could tell us about some?
Your claims also run directly counter to the article itseld. The final paragraph reads:
"Statistics show that prison sentences in Computer Misuse Act cases are unlikely, though some offenders do find themselves behind bars, usually if a victim suffers financial loss or similar harm."
It even includes a link which notes that between 2008 and 2018 only 16% of those found guilty were given an immediate custodial sentence. So, can you provide some counter-evidence to support your claim that "A civilian certainly would not get mere community service." The facts show that yes, many many civilians get precisely that.
"He must also pay a total of £207 in prosecution costs".
Can the true prosecution costs really be that low?
When I was prosecuted from an offence, the prosecuting authority (not the CPS be the way) were warning me of costs IRO £10k. This was for fare evasion, despite their own revenue collection officer's witness statement confirming I had a valid season ticket for the journey and showed it to him (I know, it's a long story).
Naturally the Court found me not guilty.
He was snooping on a previous boyfriend of his current girlfriend.
If he had been snooping on the current boyfriend of a woman who was an ex-girlfriend of his, I would have been outraged that he wasn't sent to jail for several years. But in this case, it's possible that either he or his girlfriend had a legitimate concern that the victim would be a threat of violence to them.