Vodafone accidentally sent the mobile phone data of more than 1,000 News UK employees to the Metropolitan Police Service (MPS), which had asked for information about just one journalist as part of an investigation into bribes made to public officials in exchange for confidential information.
The Met issued a warrant under the Regulation of Investigatory Powers Act (RIPA) to Vodafone in October 2013 as part of Operation Elveden, requesting the outgoing call data of a journalist who was under investigation.
The operator handed over the information in March 2014, apparently unaware it had supplied the records of other phone numbers on the News UK corporate account. Both Vodafone and the MPS informed the Information Communications Commissioner’s Office (IOCCO) of the error, but in September the Met revealed it planned to analyse the extra information.
“Once we and IOCCO were made aware in late September that the MPS intended to use the erroneously disclosed data, we urged that the MPS should delete all of the erroneously disclosed data under the appropriate statutory Code of Practice,” Vodafone told TechWeekEurope. “We also immediately began an internal investigation to analyse the material contained within the corrupted dataset.
“Our analysis revealed that the corrupted dataset was not coherent and lacked integrity, with columns of metadata incorrectly transposed and erroneous metadata included.
“Vodafone informed the MPS that, in our view, because of the corruption of the datasets these data should not be used for any investigations or prosecutions and also indicated that we would not be prepared to provide a witness statement in support of any such action.”
Vodafone said the data has since been returned by the MPS “unused” and says it has been regular contact with the Information Commissioner’s Office (ICO) which has launched an investigation into the breach after being informed by the IOCCO and could hit the operator with a hefty fine.
“We are making enquiries into the circumstances of the alleged breaches of the Data Protection Act and the Privacy and Electronic Communications Regulations before deciding what action, if any, needs to be taken,” an ICO spokesperson told TechWeekEurope.
The Newbury-based firm says it has addressed the “human error” that resulted in the breach and stressed that only details about the calls were disclosed, not the actual content of any communications. It also says that age of the data involved and the processes required to obtain it were a key factor in the blunder.
“To be clear, the unusually old age of the data required in response to this particular warrant from the MPS meant that we had to retrieve the metadata using different processes from those we normally use: we have no concerns with regards to the integrity of any other disclosures required under RIPA,” it said.
What do you know about UK mobile operators? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
'but in September the Met revealed it planned to analyse the extra information'
and that is the very worrying part, the MPS knew the data was illegally supplied and unreliable, but still they were going to use it - the sort of attitude that requires the resignation of a senior police officer.