Surrey Police issued with reprimand for recording calls
It was issued following the rollout of an app that recorded phone conversations and unlawfully captured personal data.
Last updated 19th Apr 2023
Surrey Police, along with Sussex Police, has received a reprimand from the ICO.
The reprimand was issued following rollout of an app that recorded phone conversations and unlawfully captured personal data.
1,015 staff members downloaded the app onto their work mobile phones and more than 200,000 recordings of phone conversations, likely with victims, witnesses, and perpetrators of suspected crimes, were automatically saved.
Police officers that downloaded the app were unaware that all calls would be recorded, and people were not informed that their conversations with officers were being recorded.
The app was first made available in 2016 and was originally intended to be used as recording software by a small number of specific officers, but Surrey Police and Sussex Police chose to make the app available for all staff to download.
The app has now been withdrawn from use and the recordings, other than those considered to be evidential material, have been destroyed.
ICO Deputy Commissioner Stephen Bonner said "“The reprimand reflects the use of the ICO’s wider powers towards the public sector as large fines could lead to reduced budgets for the provision of vital services. This case highlights why the ICO is pursuing a different approach, as fining Surrey Police and Sussex Police risks impacting the victims of crime in the area once again.
“This case should be a lesson learned to any organisation planning to introduce an app, product or service that uses people’s personal data. Organisations must consider people’s data protection rights and implement data protection principles from the very start.”
Both Surrey and Sussex Police received a formal reprimand instead of a ÂŁ1 million fine.
In a statement, Surrey Police said that "The forces took immediate action when the error was identified in March 2020 including removing access to the app, securing evidence and self-referring the breach to the relevant regulators, including the Investigatory Powers Commissioner’s Office (IPCO) and the Information Commissioner’s Office.
"The Crown Prosecution Service was also made aware."
The statement went on to say that "Further enquiries established that only one of these could have had a potential impact if the case progressed to trial.
"Both force Professional Standards Departments were fully involved in the findings. At no point was any risk or harm to any data subject identified.
"All officers and staff who had downloaded the app were directed to delete any calls they had recorded without listening to them. The app and any files were removed and all mobile devices were reset to ensure that all the files were permanently deleted."
Temporary Assistant Chief Constable Fiona Macpherson explained: “Police management of personal data is vital and we take rigorous measures to ensure this.
“This case exposed a lack of governance around use of this digital application, and this is regrettable.
“As soon as the error was reported, we took urgent action to ensure that this did not happen again. We initiated a review of all applications available on the corporate Google Play Store to ensure that there are no other applications that may have had similar functionality. A robust process is now in place to ensure any new requests for mobile apps are subject to appropriate due diligence and scrutiny.
“Steps were also taken to mitigate the situation by establishing how many officers had downloaded the app, the extent of their use of the app and any potential impact on upcoming legal proceedings. Officers and staff were also given clear instructions to delete any conversations they had recorded without listening to them.