View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Newham Council Data Breach Saw “Gangs Matrix” Fall into Gang Hands

“Unnecessary, unfair and excessive."

By CBR Staff Writer

A sensitive police database detailing 203 alleged gang members and the weapons they are believed to carry was leaked by a London council in January 2017 and subsequently fell into gang hands, an Information Commissioner’s Office (ICO) report reveals.

The Newham Council’s borough subsequently experienced a “number of incidents of serious gang violence after the report was shared on Snapchat. The unredacted database had included alleged gang affiliation, dates of birth, home addresses, and information on whether they were a prolific firearms offender or knife carrier.

Victims of the violence included people who featured on the so-called “Gangs Matrix” the ICO notes, adding it cannot definitely link the breach and the violence.

Fining Newham council £145,000 this week, the data watchdog said: “It is not possible to say whether there was a causal connection between any individual incidents of violence and the data breach. The ICO does highlight the significant harm and distress that can be caused when this type of sensitive personal information is not kept secure.”

newham councilNewham Council Failed to Notify ICO

In a scathing report published Thursday, the ICO noted that the council had failed to notify it of the breach in early 2017 and did not start its own internal investigation until December of that year; a “significant period” after the council became aware of the breach.

This had occurred after a staff member emailed both a redacted and an unredacted copy of the database to 44 recipients.

These included council employees, a voluntary agency and the council’s Youth Offending Team. It was unclear from the report how it subsequently leaked to gang members.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The database in question, created following the London riots of 2012, is used to keep records on suspected gang members. The Metropolitan Police Service uses the database as a risk-assessment tool in tackling London gangs and has dubbed it the ‘Gangs Matrix’.

Gangs Matrix Back in Limelight

James Dipple-Johnstone, Deputy Commissioner of the ICO commented in the report that: “We recognise there is a national concern about violent gang crime and the importance of tackling it. We also recognise the challenges of public authorities in doing this. Appropriate sharing of information has its part to play in this challenge but it must be done lawfully and safely.

gangs matrix

Newham Council

“Our investigation concluded that it was unnecessary, unfair and excessive for Newham Council to have shared the unredacted database with a large number of people and organisations, when a redacted version was readily available. The risks associated with such a transfer of sensitive information should have been obvious.”

During the course of their investigation the ICO discovered that Newham Council had little to no policy or sharing agreements in place when it came to the handling of data taking from the Gang Matrix.

This resulted in the information being openly shared among staff and third-party organisations they interacted with during the course of their work.

This is not the first time the ICO has had to deal with mishandling of information contained within the gangs’ database. In November of 2018, the ICO found ‘multiple and serious breaches’ in the way police forces were using the Gangs Matrix.

Their investigation followed an Amnesty report into the matrix that stated: “Our research shows that the Gangs Matrix is based on a vague and ill-defined concept of ‘the gang’ that has little objective meaning and is applied inconsistently in different London boroughs.”

“The Matrix itself and the process for… sharing data with partner agencies appears to be similarly ill-defined with few, if any, safeguards and little oversight.”

Following an investigation the ICO concluded that many of the findings in the report were correct and subsequently issued an enforcement notice to the Met requiring it to make changes to the Matrix in order for it to comply with data protection regulations.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.