ICO reprimands harbour board and police force over use of messaging apps on personal devices to share information

The Information Commissioner’s Office (ICO) has issued reprimands to Dover Harbour Board and Kent Police after officers from both organisations used WhatsApp and instant-messaging service ‘Telegram’ on their personal phones to share information for the purpose of combatting vehicle crime.

The watchdog found evidence that personal information was being shared in the group “without appropriate safeguards in place”. 

At the time of the investigation, the Telegram group included 241 officers from multiple UK police forces and international law enforcement agencies, the ICO revealed.

The Dover Harbour Board reprimand details that an officer from Dover Harbour Board “created and managed” the social media distribution group using his personal mobile phone, first on WhatsApp before moving it to Telegram in 2020. 

The ICO found that Dover Harbour Board had an “inadequate awareness of, and compliance with”, data protection law and that its data protection training was “insufficient for operational policing purposes”.

Kent Police reported itself to the ICO after an officer disclosed their colleague took a photo of an individual’s identity document using a personal mobile phone and uploaded the image onto Telegram.

The ICO found the Kent Police officer did not inform the individual that further processing of his personal data would take place; how it would be processed; or the purpose for doing so.

Further, the ICO discovered 25 officers from the force were members of the Telegram group, with five known to have shared personal information and two having administration rights for moderation purposes.

The watchdog concluded that Kent Police had “failed to ensure officers were adequately informed that the use of personal devices to process data obtained in their official duties was not acceptable”.

The ICO revealed that once aware of its officers’ use of the group, Kent Police instructed them to stop using it “immediately”. Further, Dover Harbour Board has provided officers with further data protection training.

SallyAnne Poole, ICO Head of Investigations, said: “Data protection law is not a barrier to policing. But the use of these apps was the wrong approach and demonstrated a failure by both Dover Harbour Board and Kent Police to ensure their officers keep people’s personal information safe and secure. 

“We welcome the action already taken by both organisations and have suggested further steps to ensure their officers can carry out their responsibilities while ensuring that people’s personal information is handled carefully.” 

A spokesperson for Kent Police said: "Kent Police takes its responsibilities under the Data Protection Act seriously and accepts the findings of the Information Commissioner’s Office (ICO) including the recommendations made, the majority of which already form part of the force’s approach to data protection.

"The incident in question happened in 2021 and since that time the force has improved its data protection practices to reduce the chances of a repeat occurrence, including better training for officers and staff around such topics as what constitutes a data breach and how it should be reported."

Dover Harbour Board has been approached for comment.

Lottie Winson