The Information Commissioner’s Office (ICO) has called on the criminal justice sector to immediately stop collecting “excessive” amounts of personal information from victims of rape and serious sexual assault cases.
The call has been published in a formal commissioner’s opinion informing the sector how to use victims' personal data, from sources including digital devices, in compliance with data protection laws.
It says that currently, police ask victims to consent to them accessing significant amounts of personal data through a ‘Stafford statement’, as it is known in England and Wales.
Among the issues raised are that victims are reluctant to give police access to data on digital devices and that police forces do not always show compliance with data protection principles when obtaining information from victims’ phones.
The document cites research by the victims’ commissioner for England and Wales that showed that victims in 21% of complains had concerns about their digital material being downloaded and the disclosure of their GP, hospital, school and employment records.
Information Commissioner John Edwards (pictured) said: “Our investigation reveals an upsetting picture of how victims of rape and serious sexual assault feel treated. Victims are being treated as suspects, and people feel revictimised by a system they expect to support them.
“Change is required to rebuild trust that will enable more victims to seek the justice to which they’re entitled.”
He added: “I know the sector will support these recommendations. Change is possible and it must happen. The law requires it and my office will push for it.”
The recommendations include that the National Police Chiefs’ Council should stop police forces using statements to indicate general consent to their party materials, and that it should work with the College of Policing and Crown Prosecution Service (CPS) to produce advice and supporting forms for requesting personal information.
In addition, chief constables of police forces should ensure they are able to fully demonstrate compliance with data protection legislation when processing relevant information, and have policy, guidance and training in place for the management and retention of personal information.
In response, a CPS spokesperson said: “Prosecutors and investigators are asked to carefully consider when it may be necessary to seek a complainant’s personal data.
“Both the law and our guidelines set out clear parameters police and prosecutors must follow when making requests - they must be specific and only sought when necessary. Defence should be passed this information only to comply with our legal obligations where information is capable of undermining the prosecution case or assisting the suspect.
“We are working jointly with police and criminal justice partners to get this right and rebuild confidence, by providing early advice to focus the investigation on relevant lines of enquiry and looking at the suspect’s behaviour before, during and after the alleged incident.”
CPS statement issued after publication