The Metropolitan Police’s list of suspected gang members has seriously breached data protection laws, potentially causing “damage and distress” to the disproportionate number of black men on it, an investigation by the UK’s data protection watchdog has found.

The Information Commissioner’s Office (ICO) concluded the police’s database, which was set up in the wake of the 2011 London riots, failed to distinguish between the approach to victims of gang-related crime and perpetrators, leading to confusion among officers.

The ICO also revealed some London boroughs were using additional informal lists of people who had been removed from the so-called gangs matrix, meaning police continued to monitor people that intelligence indicated were not gang members.

Download the new Independent Premium app

Sharing the full story, not just the headlines

Moreover, the force was sharing the information with other bodies, such as local councils, housing associations, and education authorities, without providing sufficient guidance on how it should be used, the ICO said.

Elizabeth Denham, the information commissioner, pointed to the repercussions of the data breaches, saying “simply being on this database could lead to denial of services and other adverse consequences”.

She said inappropriate management of the database risked alienating groups the Met served.

“Building trust with communities to tackle gang crime comes from people knowing that engaging with the police will not have adverse consequences,” she continued.

Ms Denham said her office had launched a separate investigation into how police information was being used by other public bodies, such as local councils.

The gangs matrix, which holds the details of around 3,500 subjects, some as young as 12, labels young people as “gang nominals” and each is given a green, amber or red rating denoting their perceived risk of violence.

It stores their full name, date of birth, home address, and information on whether someone is a firearms offender or knife carrier.

The “very serious” data breaches date back to 2011 and have affected a “significant number” of subjects including children and vulnerable individuals, the ICO found.

The public organisation launched an investigation into the gangs matrix in October last year after Amnesty International argued it violated human rights and formed “part of an unhelpful and racialised focus on the concept of gangs”. Young black men and boys made up more than three-quarters of the list, it said.

The ICO stopped short of ordering the police force to stop collecting the information, but issued Scotland Yard with an enforcement notice, compelling it to reform its practices within six months.

The watchdog said the Met must improve guidance to explain what constitutes a gang member; properly distinguish between victims of crime and suspected offenders; and erase any informal lists of people who no longer meet the gangs matrix criteria.

Scotland Yard said it had already stopped sharing the register with other organisations where there is no individual sharing agreement in place.

James Dipple-Johnstone, deputy information commissioner of operations, said: “Protecting the public from violent crime is an important mission and we recognise the unique challenges the Metropolitan Police faces in tackling this.

“Our aim is not to prevent this vital work, nor are we saying that the use of a database in this context is not appropriate; we need to ensure that there are suitable policies and processes in place and that these are followed.

“Clear and rigorous oversight and governance is essential, so the personal data of people on the database is protected and the community can have confidence that their information is being used in an appropriate way.”

Amnesty International’s technology director Tanya O’Carroll said the ICO’s investigation confirmed the gangs matrix was “currently not fit for purpose”.