Over the last few years we have highlighted various privacy concerns about a range of government databases, from the National DNA Database to the DVLA database. Our report in 2011 found how nearly 1,000 police officers had been disciplined for unlawful accessing information over a three year period. Violations of the Data Protection Act included running background checks on friends and potential partners and passing on sensitive information to criminal gangs and drug dealers.
Today The Register has revealed that the RSPCA is able to access information from the PNC, despite not having any formal prosecution powers and not being a statutory-organisation. The information handed over is subsequently going unaudited by the Association of Chief Police Officers Criminal Records Office (ACRO) – run by the Association of Chief Police Officers – who also charge for the access. This is despite the PNC User Manual specifically stipulating that auditing is required for organisations that have had access to ‘sensitive information’. If auditing is not being carried out, it is impossible to know whether the RSPCA are using the sensitive data under necessity and proportionately and if they are deleting it when their investigation has concluded.