Re: Data Protetion Act?
Sorry to play the pedant, but this isn't right. While the force may well have also breached GDPR/UK GDPR/DPA '18, there is also a specific offence under s170 of the DPA '18 of obtaining personal data without the permission of the data controller (likely the force in this case), which is what the article refers to. Conversely, the Computer Misuse Act 1990 probably wouldn't apply since the officer in question was authorised to use the system, and the essence of the offences under that Act is _unauthorised_ access, rather than abuse of access which _is_ authorised.