Vodafone accidentally sent the mobile phone data of more than 1,000 News UK employees to the Metropolitan Police Service (MPS), which had asked for information about just one journalist as part of an investigation into bribes made to public officials in exchange for confidential information.
The Met issued a warrant under the Regulation of Investigatory Powers Act (RIPA) to Vodafone in October 2013 as part of Operation Elveden, requesting the outgoing call data of a journalist who was under investigation.
The operator handed over the information in March 2014, apparently unaware it had supplied the records of other phone numbers on the News UK corporate account. Both Vodafone and the MPS informed the Information Communications Commissioner’s Office (IOCCO) of the error, but in September the Met revealed it planned to analyse the extra information.
“Once we and IOCCO were made aware in late September that the MPS intended to use the erroneously disclosed data, we urged that the MPS should delete all of the erroneously disclosed data under the appropriate statutory Code of Practice,” Vodafone told TechWeekEurope. “We also immediately began an internal investigation to analyse the material contained within the corrupted dataset.
“Our analysis revealed that the corrupted dataset was not coherent and lacked integrity, with columns of metadata incorrectly transposed and erroneous metadata included.
“Vodafone informed the MPS that, in our view, because of the corruption of the datasets these data should not be used for any investigations or prosecutions and also indicated that we would not be prepared to provide a witness statement in support of any such action.”
Vodafone said the data has since been returned by the MPS “unused” and says it has been regular contact with the Information Commissioner’s Office (ICO) which has launched an investigation into the breach after being informed by the IOCCO and could hit the operator with a hefty fine.
“We are making enquiries into the circumstances of the alleged breaches of the Data Protection Act and the Privacy and Electronic Communications Regulations before deciding what action, if any, needs to be taken,” an ICO spokesperson told TechWeekEurope.
The Newbury-based firm says it has addressed the “human error” that resulted in the breach and stressed that only details about the calls were disclosed, not the actual content of any communications. It also says that age of the data involved and the processes required to obtain it were a key factor in the blunder.
“To be clear, the unusually old age of the data required in response to this particular warrant from the MPS meant that we had to retrieve the metadata using different processes from those we normally use: we have no concerns with regards to the integrity of any other disclosures required under RIPA,” it said.
What do you know about UK mobile operators? Find out with our quiz!
OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…
European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…
James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…
Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…
Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…
Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…
View Comments
'but in September the Met revealed it planned to analyse the extra information'
and that is the very worrying part, the MPS knew the data was illegally supplied and unreliable, but still they were going to use it - the sort of attitude that requires the resignation of a senior police officer.