Accept funding to address serious and organised online crime activity

This report seeks permission for the MPS to accept funding from the Home Office to expand its online capability, and to bid for funds to support cyber infrastructure and tactics.

The Home Office and NPCC Lead for Cyber, Chief Constable Goodman of Derbyshire are developing a joint strategy to address the growing issues of illegal goods and services for sale online.

The Deputy Mayor for Policing and Crime is recommended to:

• Approve an offer of grant funding from the Home Office of up to £500,000 over 2 years to form an Online investigative team targeting serious and organised crime
• Approve a bid from the Metropolitan Police Service to the Home Office Innovation Fund for grant funding of £120,000 in 2018/19 to develop and support intelligence gathering and enforcement capability.

1. Introduction and background

1.1. In support of a joint strategy with the Home Office and National Police Chief’s Council in relation to online criminality the Home Office has confirmed significant additional funding to increase online capability in every ROCU Cyber Crime Unit in England and Wales. This will also include the Metropolitan Police Cyber Crime Unit (MPCCU). This capability will be over and above existing staffing levels.

1.2. The funding is allocated to the MPS with a terms of reference for the unit. Spending and delivery will be scrutinised on a monthly basis by the Home Office and NPCC.

1.3. In support of the online capability funding the Home Office has also allocated Police Transformation funding to be bid against to deliver additional capability. The MPCCU request authority to bid for £120,000 to develop systems designed to enhance the capability to research and evidence.

2. Issues for consideration

2.1. If funding is not granted or supported during the December PIB process then the delay in recruiting staff and establishing the increased online capability will fail to utilise the full available funding within the 2018/19 window. The funding will not be carried over into the next financial year.

3. Financial Comments

3.1. This business case is to obtain funding from the Home Office to continue to support the cyber response within the MPS. The total bid is for:

2018/19 £250,000 additional ROCU funding

2019/20 £250,000 additional ROCU funding

2018/19 £120,000 Police Transformation Fund

3.2. At the conclusion of the funding period, following review, the MPCCU, if appropriate, will seek to maintain the assets through MPS funding and further appropriate bids for Home Office support. It is anticipated that the latter will be forthcoming as the majority of the funding is part of a national uplift of capability and supports the MOPAC Police & Crime Plan through to 2021.

4. Legal Comments

4.1. This report seeks MOPAC’s approval to be bid for grant funding of £620,000 to support staffing and infrastructure uplift.

4.2. Para 4.8 of the MOPAC Scheme of Consent and Delegation provides the DMPC with delegated power to approve any bid for grant funding.

4.3. The grant agreement will be published under the Elected Local Policing Bodies (Specified Information) Order 2011.

5. GDPR and Data Privacy

5.1. The MPS is subject to the requirements and conditions placed on it as a 'State' body to comply with the European Convention of Human Rights and the Data Protection Act (DPA) 2018. Both legislative requirements place an obligation on the MPS to process personal data fairly and lawfully in order to safeguard the rights and freedoms of individuals.

5.2. Under Article 35 of the General Data Protection Regulation (GDPR) and Section 57 of the DPA 2018, Data Protection Impact Assessments (DPIA) become mandatory for organisations with technologies and processes that are likely to result in a high risk to the rights of the data subjects.

5.3. The Information Assurance and Information Rights units within MPS will be consulted at all stages to ensure the project meets its compliance requirements.

5.4. A DPIA has been commenced for this project. The project will ensure a privacy by design approach, which will allow the MPS to find and fix problems at the early stages of any project, ensuring compliance with GDPR. DPIAs support the accountability principle, as they will ensure the MPS complies with the requirements of GDPR and they demonstrate that appropriate measures have been taken to ensure compliance.

6. Equality Comments

6.1. As this is an extension of an existing service this work does not change any aspects relating to equality or diversity. The purchasing of equipment will be compatible with assistive technology and training will be conducted on a needs basis.

7. Background/supporting papers

7.1. Report