
UK spy agencies have collected bulk personal data since 1990s - ghosh
http://www.theguardian.com/world/2016/apr/21/uk-spy-agencies-collected-bulk-personal-data-since-1990s
======
secfirstmd
"For example, a newsletter circulated in September 2011 by the Secret
Intelligence Agency (SIS), better known as MI6, cautioned against staff
misuse. “We’ve seen a few instances recently of individuals crossing the line
with their database use … looking up addresses in order to send birthday
cards, checking passport details to organise personal travel, checking details
of family members for personal convenience,” it says.

“Another area of concern is the use of the database as a ‘convenient way’ to
check the personal details of colleagues when filling out service forms on
their behalf. Please remember that every search has the potential to invade
the privacy of individuals, including individuals who are not the main subject
of your search, so please make sure you always have a business need to conduct
that search and that the search is proportionate to the level of intrusion
involved.” Better where possible to use “less intrusive” means, it adds.

There has been disciplinary action. Between 2014 and 2016, two MI5 and three
MI6 officers were disciplined for mishandling bulk personal data. Last year,
it was reported that a member of GCHQ’s staff had been sacked for making
unauthorised searches.

The papers show that data handling errors remain a problem. Government lawyers
have admitted in responses to Privacy International that between 1 June 2014
and 9 February this year, “47 instances of non-compliance either with the MI5
closed section 94 handling arrangements or internal guidance or the
communications data code of practice were detected.” Four errors involved
“necessity and proportionality” issues; 43 related to mistransposed digits,
material that did not relate to the subject of investigation or duplicated
requests."

