Surrey and Sussex Police Reprimanded for Unlawfully Recording Over 200,000 Phone Calls

Published on: 18 Apr, 2023
Updated on: 19 Apr, 2023

Surrey and Sussex Police automatically recorded ‘highly sensitive’ conversations with victims, witnesses and perpetrators over an extended period from 2017 say the ICO.

By Hugh Coakley

Surrey and Sussex Police have been reprimanded by the Information Commissioner’s Office (ICO) for recording more than 200,000 phone calls without people’s knowledge.

Recordings were automatically saved of calls with victims, witnesses, and perpetrators of suspected crimes. The ICO said the recording captured a “large variety of personal data during these calls and it considered that the processing of some of this data was unfair and unlawful”.

The ICO said they became aware in June 2020 that staff members across both police forces had access to an app that recorded all incoming and outgoing phone calls. 1,015 staff members downloaded the app onto their work mobile phones.

Although a fine of up to £1 million could have imposed, ICO has have instead issued a formal reprimand saying their “approach aims to reduce the impact of fines on those accessing public services and to encourage greater data protection compliance from public authorities to prevent harms from occurring in the first place”.

They have made recommendations to the police including that data protection should be considered “at the very beginning” when deploying apps.

Surrey Police and Sussex Police are to report back to the ICO within three months to say how they are addressing the concerns and recommendations.

A statement by Surrey Police said the app was made available in 2017 “…for use by a small number of specialist hostage negotiators for the purpose of supporting kidnap and crisis negotiations.

“Unintentionally, it was enabled for all staff to download without appropriate guidance in place. When enabled, the app records and stores all phone calls made on the mobile device.

“The forces took immediate action when the error was identified in March 2020 including removing access to the app, securing evidence and self-referring the breach to the relevant regulators, including the Investigatory Powers Commissioner’s Office (IPCO) and the Information Commissioner’s Office. The Crown Prosecution Service was also made aware”.

Temporary Assistant Chief Constable Fiona Macpherson said: “This case exposed a lack of governance around use of this digital application, and this is regrettable.

“As soon as the error was reported, we took urgent action to ensure that this did not happen again. A robust process is now in place to ensure any new requests for mobile apps are subject to appropriate due diligence and scrutiny.

Stephen Bonner, ICO Deputy Commissioner – Regulatory Supervision, said: “This case should be a lesson learned by any organisation planning to introduce an app, product or service that uses people’s personal data. Organisations must consider people’s data protection rights and implement data protection principles from the very start.”

“We also referred the matter proactively to the two regulatory bodies, ICO and IPCO, for their consideration and have fully complied with their directions.”