Every month it seems as if another corporation is apologizing to customers for a wide-ranging data breach. Despite its nearly limitless resources, the federal government has fared little better, proving itself incapable of protecting the sensitive information of its own employees from hackers. While there are important steps that businesses and government can take to help to protect vital information, the simple truth is that the sharing and collection of electronic data facilitates these sorts of breaches.
Last month, London’s Metropolitan Police Service announced that they had contacted London’s 30,000 firearms certificate holders as part of an alleged initiative to combat firearm theft. Leaflets were sent to licensed gun owners encouraging them to purchase the anti-theft product SmartWater. SmartWater is an invisible liquid that is meant to be applied to valuables. According to the Metropolitan Police, law enforcement is able to use UV light to identify items marked with SmartWater and return them to their rightful owner.
Alerting gun owners to a new anti-theft product is not in itself terrible – even though UK gun owners are already subject to burdensome storage requirements – but it is how the Metropolitan Police went about sharing this information with gun owners that has members of the UK gun community fuming.
In order to carry out the SmartWater campaign, the Metropolitan Police contracted with private firm Corporate Document Services Limited. In turn, Corporate Document Services Limited subcontracted work on the project to another company, Yes Direct Mail. As the Metropolitan Police have acknowledged, these contractors were provided the sensitive private data of London’s licensed gun owners.
In a sharply worded press release, the British Association for Shooting and Conservation condemned the Metropolitan Police’s marketing tactics as an unacceptable data breach. In addition to the potential security implications of such data sharing, BASC questioned the Metropolitan Police’s authority to share the data with private corporations. Further, BASC noted that the Metropolitan Police’s marketing methods were improper, citing rules from the UK’s Information Commissioner’s Office that severely limit how companies can use direct marketing.
An article published on UK information technology website The Register also pointed to concerns over the government disclosing gun owner data to third parties. The piece noted that the application for a firearm or shotgun certificate contains a stringent “Data Protection” provision. It states,
I understand that all information submitted will be handled in accordance with the Data Protection Act 1998 and the Freedom of Information Act 2000 and connected legislation. I understand and give consent for information contained within my application form or obtained in the course of deciding the application to be shared with: my GP, other government departments, regulatory bodies or enforcement agencies in the course of either deciding the application or in pursuance of maintaining public safety or the peace.
Note: Any information shared will be shared in accordance with data sharing protocols. We do not share your personal or company details with other applicants or members of the public and treat information in connection with the application in confidence, but individuals should be aware that we may be required to disclose some information in accordance with the legislation referred to above.
This provision suggests that an applicant’s information may be shared with their doctor or government agencies. However, the application appears to preclude the government from sharing gun owner data with private companies or other “members of the public.” To this point, BASC Director of Firearms Bill Harriman stated, “BASC is treating this as a potentially serious breach of trust by the Met,” adding, “We do not believe certificate holders have given their permission for their sensitive, personal information to be passed to third parties.”
The past year has seen a series of gun owner data breaches that span the globe. In January, officials from the Australian state of Victoria were forced to apologize after they inadvertently released the personal information of nearly 9,000 gun owners. In December 2016, the California Department of Justice apologized to the state’s certified firearms safety instructors after their sensitive information – including name, date of birth, and driver’s license number – was improperly sent to a reporter.
Whether by accidental or purposeful disclosure, governments have demonstrated an inability to adequately safeguard sensitive gun owner data. Just as in the case of firearm registration leading to confiscation, once data is collected on firearms and their owners, there is little stopping this information from being disclosed, mishandled, or abused by the government. This is why it is vital for all gun owners to resist efforts to centralize gun ownership data in whatever context they may arise.