Met data breach compromises firearms security, says BASC

BASC has asked the Commissioner of the Metropolitan Police to clarify the legal basis for passing on addresses of its 30,000 firearm and shotgun certificate holders to external contractors.

The Met has confirmed it used Leeds-based company Corporate Document Services (CDS) to print leaflets advising certificate holders of a scheme to buy a product called Smartwater to forensically mark their guns.

BASC, the UK’s largest shooting organisation, understands CDS in turn sub-contracted distribution of these leaflets to Yes Direct Mail, who are also based in Leeds.

In its letter to Met Commissioner Cressida Dick, BASC has outlined concerns that the home security of certificate holders in London has been compromised by out-sourcing distribution of the leaflets.

The association has also asked the Met to clarify the legal authority to support an apparent breach of the Data Protection Act 1998 and wider guidelines surrounding privacy and marketing.

The data protection statement that both police and certificate holders agree to when an application is made only appears to give police permission to share personal details with GPs, other government departments, regulatory bodies or enforcement agencies. It does not cover commercial companies, even if they are approved by the police and hold security accreditation.

In addition, the Information Commissioner’s Office (ICO) – the UK’s independent authority for promoting data privacy – says prior consent must be obtained for direct marketing and this process places a number of obligations on organisations and companies.

The ICO says individuals should be allowed to opt in or out of direct marketing, while companies and organisations should specify methods of communication, ask for consent to pass details to third parties or clearly name and describe those third parties and also record when and how consent was received and exactly what it covers.

The ICO guidance also places the onus on companies to check whether an individual has subscribed to a preference service before it contacts them with marketing information.

Bill Harriman, BASC’s director of firearms, said: “BASC will always work with the authorities on initiatives we consider will improve firearms security.

“In this instance, however, we are seeking assurances from the Metropolitan Police that the manner in which this scheme has been rolled out has not actually put at risk the home security of firearms and shotgun certificate holders. We are concerned that each time that information is passed on, it heightens the risk that sensitive, personal data will be compromised.

“Further, we can see no legal authority which allows the Met to breach the Data Protection Act by passing on sensitive, confidential information to as many as three external companies.

“The Met appears to have struck at the heart of a key tenet of firearms security, that which comes from obscurity. Those who shoot are told at every turn by the police to take every precaution against strangers discovering where firearms may be stored. Such information is currency for criminals.

“BASC is treating this as a potentially serious breach of trust by the Met. We do not believe certificate holders have given their permission for their sensitive, personal information to be passed to third parties.

“BASC remains pleased to be a member of and a significant contributor to the Metropolitan Police Firearms Licensing Independent Advisory Group and we note the force has made significant strides forward in recent years in so far as improving its service to certificate holders. We are sorry that the manner in which the force has tried to implement their Smartwater initiative risks undermining the Met’s reputation in the shooting community.”