Investigatory Powers Commissioner’s Annual Report 2019
Error Investigation 4
Public Authority
Human or Technical:
Human (SPoC)
Classification:
Misinterpretation of Data
Data Acquired:
Username activity: Customer information relating to an Internet
Protocol Address Resolution (IPAR)
Description:
A public authority had arrested a suspect for online grooming offences.
Following pre-charge advice, an officer made an application to identify
where the suspect’s username had accessed the internet.
The IP address covering the time and date was supplied to the public
authority by the overseas TO. The document provided by the TO
consisted of two pages with the IP address located on page one.
The SPoC resolved the IP address and obtained customer details,
including a name and address for the suspect. The authority made a
visit to the address. The visit found no family link to the suspect and
the officers suspected that an error had been made.
Closer examination of the overseas result revealed on page two a
declaration stating the last octet for the IP address had, for GDPR
reasons, been truncated to a zero.
For this particular IP, the last octet could be any number between
0 – 265. The TO had changed each of the 265 endings all to a zero.
Consequence:
A home of a family unconnected to this investigation was visited and
the occupants spoken to.
There was no determination by the IPC, as the effect on those visited
was assessed not to have caused significant prejudice or harm.
153