In an unexpected turn of events, today, 3rd May 2022, Elizabeth Lealman of the ICO, (no stranger to previous questionable decisions), overturned this decision after Bedfordshire police requested a review.
All letters are published at the end of this article.
Summary of the circumstances leading to the data breach
I made a Subject Access Request (“SAR”) to Bedfordshire police seeking copies of ‘my personal data‘ held by Bedfordshire police, under Article 15, Right of Access of the UK General Data Protection Regulation (“GDPR”)
Within my SAR, I made a specific instruction that the Bedfordshire Information Rights dept, do not divulge my personal data to anyone for any reason. They confirmed they wouldn’t.
It is accepted that there is a provision under part 3 of the DPA that personal data can be shared by a competent authority, for specific law enforcement purposes. I reject that the disclosure of my personal data falls under this provision.
DC Neil Patrick is a police officer who was investigating an alleged offence relating to another person (Angela). I am the legal representative for Angela, I am her McKenzie friend. I am also a sworn witness for Angela in her defence. DC Neil Patrick was well aware of these facts which are confirmed in legal documentation that he was handed on 24th April 2021.
After I published an article on this website that proved DC Neil Patrick had sought to apply unlawful bail conditions preventing Angela from contacting me (her legal representative), the police lies begin to unfold.
Kevin Sharp (Head of Information Rights and Assurance) said;
“In Mid-October DC Neil Patrick from Cambs (collar 2346) contacted Information Rights regarding a police document that had been disclosed to a Mr Ponting which he believed should not have been disclosed to him.”
“As part of his investigation as to the origin of how Mr Ponting had this document in his possession, DC Patrick contacted Information Rights.”
This is false. DC Neil Patrick was aware that I was Angela’s McKenzie friend. As stated, notified formally on 24th April 2021 by a solicitor, and DC Neil Patrick referenced his knowledge of this in the police system when he applied for unlawful bail conditions to prevent Angela from contacting her legal representative.
In any event, there is nothing unlawful about me having this ‘police document’ and therefore, his request for details from Information Rights was not subject to Part 3 of the DPA and it was not a law enforcement purpose.
It has been admitted by Kev Sharp that he breached my personal data in his following comment;
“DC Patrick wished to find out whether the document had been disclosed to Mr Ponting by us in Information Rights as part of an information Request. Having searched our disclosure database, I confirmed to DC Patrick that Mr Ponting had made a Subject Access Request (SAR) with us. I also confirmed that the document had not been disclosed to Mr Ponting as part of the SAR and therefore it had not been disclosed by us.”
Kev Sharp clearly admits that he breached my personal data by notifying DC Neil Patrick that I made a SAR.
My SAR is personal and is considered my personal information.
Kev Sharp has confirmed in his letter that DC Neil Patrick was essentially “prying” into my business, stating he “wished to find out” whether the document had been disclosed by the Information Rights department. This is not a law enforcement purpose. The document was not legally protected and my having a copy of it is not in any way an offence. We could all ‘wish to know‘ anything, it does not make it a law enforcement purpose.
Even confirming to DC Patrick that I had submitted an unrelated SAR is in itself a breach of my personal data. You would expect that Kev Sharp, being the head of Information Rights would be aware of this.
Some days later, DC Patrick claims that the Crown Prosecution Service (“CPS”) ‘tasked him’ to contact me to see if I would be a witness for the police!
DC Patrick was well aware that I was the legal representative for Angela and also a witness for her defence.
DC Patrick failed to notify the CPS of this fact, instead, DC Patrick contacted Information Rights, using information already (unlawfully divulged to him) asked for my personal data (my email address) that they held relating to my private SAR.
Kev Sharp then went on to further breach my personal data, handing out my personal email address. Given I was not under investigation, was a legal representative of Angela and her witness, the disclosure of my personal data to ‘the prosecution’, was not a law enforcement purpose. It could be argued that the police knowingly attempted to tamper with a defence witness.
So, getting back to the point. Bedfordshire police sought a review of the ICO decision whereby they have made a determination that my personal data has been breached, and after submitting what would appear to be a ‘pile of lies’, the ICO decision-maker, Elizabeth Lealman, overturned the ICO decision and has stated (after the review request of Bedfordshire police)
I accept that the disclosure of your email address was processing[sic] under Part 3 for law enforcement purposes and therefore it is our view that there has been no breach in the disclosure of your email address in this case.
I have asked them to review their decision and depending on their response, I may consider a Judicial Review.
Initial Letter from Kev Sharp, the head of Information Rights in relation to the data breach complaint.
ICO Confirmation that a data breach occurred.
ICO letter overturning their previous decision after Bedfordshire police asked for a review.
ICO confirm my request for a review is accepted