In December 2018, the Bermuda Police ‘released’ details of 42 licenced firearms holders who have submitted applications to have their annual licences renewed.
In what appears to be a serious blunder, the personal details of 42 applicants, rather than being retained within Bermuda, not transmitted outside of the constabulary, have been emailed beyond the service, beyond Bermuda.
When alerted to the conduct, the initial response was that an ‘error’ had occurred. The constabulary was invited to recommend how best the recipient should deal with the content of the email before this weekend there being concerns the email transmission, not a secure form of communication, could have been intercepted by others. Whilst the Police Commissioner, Stephen Corbishley acknowledged receipt of the request, no further response has been received.
The conduct, which appears to amount to a serious data ‘breach’ has therefore been referred to the island’s regulatory body, the Information Commissioner info@ico.bm / https://www.ico.bm (see below).
Of the 42 requests, 2 applicants are seeking renewal of a licence for ‘starting canons’ and 2 other applicants are requesting renewal of licences for ‘Hilti’ i.e. nail guns used in the construction industry. The remainder are for rifles and shotguns.
Bermuda’s gun control regime began with the Firearms Act 1973, a legislative response to the murders of Police Commissioner George Duckett, the Governor Richard Sharples and his Aide Hugh Sayers. All handguns are prohibited.
05/01/2019 – to: ‘Information Commissioner’ <info@ico.bm>
Subject: Bermuda Police Information Inadvertent Disclosure
Dear Sirs
I ask that you confirm whether or not the Bermuda police have, since 17/12/2018, reported to the ICO what appears to be a serious data breach.
In December 2018, I received an email with a covering note below which are displayed the personal details of every firearms applicant. This comprised a table with data supplied under the following headings:
Surname
Given Name
D.O.B
Address
# of firearms
Comments
I noted the email 31/12/2018 and acknowledged receipt. Later that day, the sender advised it had been provided in error. On 02/01/2019, I responded in respect of the email to the sender and the commissioner of police:
I note the email was apparently unintentionally sent to me.
I will review the content in more detail this week to decide how best to deal with it.
In the event you have any recommendations, I ask to be provided these before Saturday 05/01/2019.
Other than a ‘read -receipt’ acknowledgement from the Commissioner advising ‘was read on Wednesday, January 2, 2019 8:16:12 AM (UTC-04:00) Atlantic Time (Canada)’, I have heard no further.
I trust the Bermuda Police have self-notified the breach to you and are addressing the potential consequences.
If I can be of further assistance, please do not hesitate to return to me.
Yours faithfully,
P. Swift