recent work

Police Force fined £120,000 for data breach

Greater Manchester Police has been fined £120,000 by the Information Commissioner’s Office (ICO) for losing an unencrypted USB memory stick that was also not password-protected. Data on the memory stick included ‘details of more than a thousand people with links to serious crime investigations and was stolen from an officer’s home’.

The USB stick has not been recovered and although the officer had been issued a Force USB stick in 2004, it wasn’t encrypted, and the officer replaced the stick with his own personal one when the stick became full.

‘The ICO found that a number of officers across the force regularly used unencrypted memory sticks, which may also have been used to copy data from police computers to access data away from the office’.

The Force suffered a similar breach in 2010, but had not ensured that its staff were trained sufficiently in data protection.

David Smith, ICO director of data protection, said: “This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine. It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action. This is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes.”

Comment
Absolute Data is committed to ensuring companies and organisations, regardless of their size, create and follow realistic data protection policies and procedures that are above the law. We can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. We can either provide clients with a data protection toolkit, which offers a robust and effective solution in reducing the risk of data breaches, or a retained consultancy service, whereby one of our dedicated staff members works onsite with your staff for a pre-agreed number of days per week. Please get in touch to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk