The National Police Chiefs’ Council (NPCC) is in talks with Public Health England (PHE) over concerns that the NHS Test and Trace programme presents a danger to the personal security of serving police officers, but has denied that this means the police will be able to opt out of contact tracing, or that forces will develop their own contact-tracing app.
Sky News had earlier reported that police chiefs had raised significant concerns around disclosing to NHS contact tracers the personal data of contacts who may be officers on active undercover or counter-terrorism duties, or civilian witnesses to and victims of crime, citing an undisclosed source. The news channel claimed there were even concerns that sticking to the letter of the law on contact-tracing rules might see entire police stations or units having to suspend their work altogether.
“To ensure information about policing activity and the privacy of members of the public is protected, police officers and staff will not be able to disclose sensitive information to the NHS Test and Trace service,” an NPCC spokesperson told Computer Weekly.
“The NPCC is in discussions with Public Health England [PHE] to resolve this issue and has proposed a system whereby police officers and staff in certain roles have their cases referred to a national vetted public health outbreak team,” the spokesperson added.
“Officers with symptoms will still be required to engage with the Test and Trace process at the outset. They will still be able to access appropriate medical advice and treatment if they have tested positive for coronavirus or are made aware that they have come into contact with someone who has tested positive.
“To be clear, police forces are not setting up a contact-tracing system for officers which is separate to the NHS Test and Trace service.”
Tom Chivers, ProPrivacy
Tom Chivers, digital marketing executive at ProPrivacy, said police forces were entirely right to be concerned about the levels of security offered by the Test and Trace programme, which he described as a “comedy of errors”.
“Anyone could phone up a known police officer and pretend to be a track and tracer. This could then lead to them getting a list of all their contacts, some of whom may be on undercover investigations – it could jeopardise a whole operation and even the officers’ lives,” said Chivers. “This problem is not just limited to police, though. Anyone could potentially be scammed by a track and tracer.
“The track and trace system is deeply flawed at the moment. The whole integrity of the scheme is built upon trust, which seems to be slowly ebbing away with each failure that rests at its feet. If the police cannot trust this scheme to safely handle their data, then why should we?”
This comes as digital privacy campaigners at the Open Rights Group begin the process of filing a complaint with the Information Commissioner’s Office, arguing that PHE’s failure to complete a data protection impact assessment had given it no confidence that the risks associated with the programme, and its accompanying mobile app, were being appropriately or adequately mitigated, and that the system was being deployed in breach of the European Union’s General Data Protection Regulation (GDPR).