Security

BCRP Intranet is used for the distribution of data about Members and 'Data Subjects' (offenders) and is therefore subject to the provisions of the 1998 Data Protection Act. It has been designed to meet exacting security standards as well as provide built-in controls to ensure that all Members are self-certified as compliant in terms of Data Integrity and Control policies.

Access is protected by a proprietary 1024-bit encrypted RSA login authentication handler. All accesses to all pages are passed through the key authentication handler to ensure access only to logged-in Members; all Members are automatically logged-out at the end of each access session.

In case of member abuse, all printable 'gallery' materials displaying pictures of excluded individuals are coded to show the Member responsible for the print-out and its distribution. A Report showing all log-ins by all Members can be used to indicate possible areas of abuse through password-sharing. All passwords can be automatically deleted and reset every three or six months. An audit trail of all logins and downloads is available for access by any Auditor at any time.

To date, these measures have been approved by all Police authorities which have shared data with schemes using BCRP Intranet. BCRP Intranet is consistent with data protection-related documentation published by Action Against Business Crime (AABP) suitably amended to cover the electronic distribution of images and other data related to offenders.