Home   Dover   News   Article

Officers at Kent Police and Dover Harbour Board reprimanded following data breach via WhatsApp and Telegram

Kent Police and Dover Harbour Board have been reprimanded after being caught sharing confidential information via social media app WhatsApp.

The Information Commissioner’s Office (ICO) carried out an investigation into the data breach and has today released its finding.

A Kent Police officer is reported to have shared a photograph of an individual’s identity document on a social media app. Picture: Stock image
A Kent Police officer is reported to have shared a photograph of an individual’s identity document on a social media app. Picture: Stock image

Officers from both organisations used social media app, WhatsApp, and instant-messaging service, Telegram, on their personal phones to share information for the purpose of combatting vehicle crime.

The probe found that in total the Telegram group included 241 officers from multiple UK police forces and international law enforcement agencies and that while personal information was being shared, no appropriate safeguards were in place.

Instead, there are official channels for law enforcement agencies to lawfully share information which should be used by staff.

It was found that an officer from Dover Harbour Board, which runs the Port of Dover, created and managed the social media distribution group using his personal mobile phone, first on WhatsApp before moving it to Telegram in 2020.

ICO investigators discovered that Dover Harbour Board had an inadequate awareness of, and compliance with, data protection law and that its data protection training was insufficient for operational policing purposes.

No risk assessment was carried out when setting up the groups and no safeguards were put in place; such as a process to remove members who left law enforcement employment.

Since the incident, Dover Harbour Board has provided officers with further data protection training and the ICO has recommendations including reviews of its data protection policies and the potential use of any other social media groups by its staff.

The decision to issue a reprimand to Dover Harbour Board is aligned with the ICO’s public-sector approach. A fine of £500,000 was considered, but large fines for public sector organisations come out of the public purse and the impact is therefore felt in the form of reduced budgets for vital services.

Dover Harbour Board, which runs the Port of Dover, has received a reprimand from the ICO
Dover Harbour Board, which runs the Port of Dover, has received a reprimand from the ICO

Kent Police reported itself to the ICO after an officer disclosed their colleague took a photo of an individual’s identity document using a personal mobile phone and uploaded the image onto Telegram.

The ICO discovered that 25 officers from the force were members of the Telegram group, with five known to have shared personal information and two having administration rights for moderation purposes.

The ICO concluded that Kent Police had failed to ensure officers were adequately informed that the use of personal devices to process data obtained in their official duties was not acceptable.

Once aware of its officers’ use of the group, Kent Police instructed them to stop using it immediately.

The ICO has since issued a reprimand and made recommendations including the provision of guidance around the use of social media apps.

Sally-Anne Poole, ICO head of investigations, said: “Data protection law is not a barrier to policing, but the use of these apps was the wrong approach and demonstrated a failure by both Dover Harbour Board and Kent Police to ensure their officers keep people’s personal information safe and secure.

“We welcome the action already taken by both organisations and have suggested further steps to ensure their officers can carry out their responsibilities while ensuring that people’s personal information is handled carefully.”

A spokesperson for Kent Police added the force takes its responsibilities under the Data Protection Act seriously and accepts the findings of the ICO, including the recommendations made, the majority of which already form part of the force’s approach to data protection.

“The incident in question happened in 2021 and since that time the force has improved its data protection practices to reduce the chances of a repeat occurrence, including better training for officers and staff around such topics as what constitutes a data breach and how it should be reported,” they added.

A port spokesman added: “The matter reported is from several years ago.

“Whilst we question some of the findings, being a responsible organisation we have already acted to ensure procedures are tightened, which has been welcomed by the ICO, as our police officers continue to combat vehicle crime and keep our customers and community safe and secure.”

Close This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.Learn More