First published: 30th June 2009
An Edinburgh policewoman, Anna Wong, is facing 54 charges of breaching the Data Protection Act in the Edinburgh Sheriff Court. Originally from Hong Kong, Wong claims she used the Scottish Intelligence Database and the Lothian and Borders Operational Support System to search for details of outstanding cases against two people she knew. However, faced with difficulty in recording Chinese names on the computer database, she widened the search to "Chinese" and began accessing others in the Chinese community.
Sheriff Elizabeth Jarvie QC described the breach as "very serious" and said that there was "no legitimate police purpose" for the database access. The Sheriff also called for a report on what safeguards have been put in place to protect people's private data, from the Lothian and Borders Chief Constable David Strang.
Writing in his blog, Sophos technology consultant Graham Cluley found it galling "to hear that a database being run by the authorities in a multi-cultural society cannot easily search for names which use foreign characters". He suggested that criminals could change their names to take advantage of the omission. But, more seriously, he asked, "but what practical safeguards can we put in place to police the many people who are authorised to access the data? This is going to be an enormous challenge moving forward. "
Wong will be sentenced next month.