Police Scotland breached guidelines on accessing data without proper consent when the force tried to discover more details about a journalist’s sources, a review has found.
Sir Stanley Burton, the Interception of Communications Commissioner, concluded the force contravened the Acquisition and Disclosure of Communications Data Code of Practice in five applications for data, all linked to one investigation.
The Interception Of Communications Commissioner’s Office (IOCCO) carried out the review after fears were raised officers had been “illegally spying on journalists”.
Sir Stanley said judicial approval had not been obtained by the police and added the force had “failed to satisfy adequately the requirements of necessity and proportionality”.
Two of the five applications for data had been approved by a designated person who was “not independent of the investigation”, he added.
The commissioner said: “I am satisfied that four individuals were adversely affected by these contraventions and that the failures identified can properly be viewed as reckless.”
He has now contacted the individuals involved to alert them.
The commissioner added: “The primary concern throughout this investigation was to protect the privacy of individuals who may have been adversely affected and to ensure that those individuals are able to seek effective remedy.
“I also recognise the public interest in these matters and the importance of the provisions passed by Parliament in March 2015 to protect the confidentiality of journalistic sources.”
Assistant Chief Constable Ruaraidh Nicolson said: “Police Scotland can confirm that it did not adhere to the new guidelines covering access to communications data during a recent investigation into alleged serious breaches of information security.”
Liberal Democrat justice spokeswoman Alison McInnes said both the Chief Constable and Justice Secretary Michael Matheson must now “account for their actions”.
She said: “Both Police Scotland and the Scottish Government have known for months that the national force was involved and yet said and did nothing.
“Now that we have confirmation it is absolutely vital they are held to account so we can ensure freedom of the press and freedom of speech in this country.”
The MSP is now urging colleagues on Holyrood’s Justice Committee to press Mr Matheson and the Chief Constable on the matter.
Ms McInnes said: “It is not just reckless, it is outrageous that police officers thought they were above the law and simply reinforces the need for a wider inquiry into the workings of Police Scotland.
“By intruding on confidential exchanges without judicial approval they risk destroying the public’s trust in a body that should be focusing on protecting our communities.
“This is the worst kind of cover-up because one of journalists’ key roles is to hold people, public bodies and governments to account.”
Police Scotland has now put in place “significant measures in order to prevent any recurrence of such contraventions,” the commissioner said.
Mr Nicolson, who has overseen Police Scotland’s response to the IOCCO inspection, said the five applications for data concerned “were all directly connected to one investigation into the alleged unauthorised release of sensitive police information in early April 2015”.
He added that the IOCCO inspection had found these “were not in accordance with the terms of the new Code of Practice covering the acquisition of communications data which came into effect on March 25 2015”.
The senior police officer stated: “For the purposes of clarification, none of the applications concerned a journalist.
“IOCCO has noted that there was no evidence of an intentional act by Police Scotland to avoid the requirements of the Code.
“A detailed action plan was put in place as soon as the issue was highlighted by IOCCO and no further recommendations have been made to Police Scotland.
“IOCCO has also commented on the robust and rigorous steps Police Scotland has taken to ensure processes for all applications for communications data are fully compliant with the Code of Practice and all legislative requirements.
“Police Scotland is aware that IOCCO intends to notify those individuals considered to have been affected. In consequence of that ongoing process, it would be inappropriate to comment further.”
John Foley, chief executive of the Scottish Police Authority (SPA), said it had now requested inspectors carry out an “in-depth assurance review of the effectiveness and efficiency of Police Scotland’s counter corruption practices”.
The watchdog wants HM Inspectorate of Constabulary in Scotland to do this work.
Mr Foley said: “SPA would anticipate this review providing an independent view of the operations, systems and procedures in place with the objective of providing assurance against best practice, and informing any recommendations for improvement.
“SPA considers that such a review will be timely in ensuring that going forward we have the most effective approach possible to dealing with counter corruption issues within Police Scotland.
“It will be for HMICS to agree the detailed terms of reference, however SPA would look for that to include operational effectiveness and efficiency, the independence of the internal investigation function, its governance and accountability, and training and guidance for officers and staff.
“Given the considerable public interest in this issue, we hope that the review can be progressed in order for a final report to be made available in the spring of 2016.”
Other opposition parties were also critical, with Labour justice spokesman Graeme Pearson saying: “This reckless conduct falls well below the standards we expect of our police service. The breaches must have been approved at a very senior level by someone.
“I want to know who, why, when and where these approvals were sought and authorised.
“I also want to know what the Scottish Police Authority will do about it after months of avoiding this important issue.”
Green justice spokesman John Finnie said: “The commissioner’s statement is a damming indictment on Police Scotland and I trust that all four individuals will seek full redress.
“It’s vital an attentive press holds our institutions, public officials and elected representatives to account.
“Sadly, this finding shows that Police Scotland are willing to circumvent this scrutiny and the reckless disregarded they have for others’ privacy.”
Mr Matheson stressed: “Any breach of the Code of Practice in this area is unacceptable and I expect Police Scotland to comply fully with any recommendations made by IOCCO.
“A free press is the cornerstone of a healthy democracy and we are committed to protecting the privacy of all law-abiding members of the public, including journalists.
“It is important to recognise that, since these breaches were discovered in July 2015, Police Scotland has been working on a robust action plan to ensure there have been no repeat of these incidents, and that it cannot happen again.
“It is clear Police Scotland’s actions in accessing communications data have fallen short of the standards expected and I welcome today’s announcement by the Scottish Police Authority that they have asked HMICS to review the robustness of procedures around Police Scotland’s counter corruption practices.”