CPS fined £200,000 for failing to keep sensitive interviews safe
The Information Commissioner's Office has fined the Crown Prosecution Service (CPS) £200,000 after laptops containing sensitive police interviews were stolen.
Filmed interviews with victims and witnesses in more than 30 active investigations were on the computers, which were taken in a burglary at a Manchester-based media company last year.
The interviewees had described attacks of a violent or sexual nature in the footage, which was being edited for court. The Information Commissioner's Office (ICO) said the laptops had not been kept securely in the premises - a residential flat editors were using as a studio.
It ruled that the Crown Prosecution Service was negligent when it failed to ensure the videos were kept safe and did not take into account the substantial distress that would be caused if the videos were lost.
ICO head of enforcement Stephen Eckersley said handling videos of police interviews containing highly-sensitive personal data was central to what the CPS did, but that it had been “complacent".
“The consequences of failing to keep that data safe should have been obvious to them,” he said.
According to the ICO, many of the victims were vulnerable and had already endured distressing interviews with police. In the videos, they talked openly and referred to offenders by name.
The laptops were recovered by police eight days after the theft and the data is not believed to have been accessed by anyone unauthorised.
Eckersley added: “If this information had been misused or disclosed to others then the consequences could have resulted in acts of reprisal.”
As part of its investigations, the ICO found that the CPS had been engaged in an ongoing contravention of the Data Protection Act because of the way DVDs of police interviews were sent to the firm for editing.
It had delivered unencrypted DVDs to the studios using a national courier firm unless the case was urgent, when the sole proprietor would collect the unencrypted DVD from the CPS in person and take it to the studio using public transport.
The ICO said that remedial action had been taken from September 2014, when the theft occurred.
The CPS said the case was "a matter of real regret" but that it had now "strengthened" arrangements for the secure handling of sensitive material.
Select committee repeats request to stop sharing with the Home Office the name and address of suspected immigration offenders, but NHS Digital insists arrangement is ‘in the public interest’
Cybersecurity unit director reveals how US intelligence agency is working to spread best practice by promoting openness and collaboration
As an ever-greater volume of increasingly sophisticated devices watch us all, PublicTechnology talks to regulator Tony Porter about his office’s role in ensuring surveillance is always...
Information commissioner Elizabeth Denham issues update acknowledging changes made by social network but stressing ‘it is too early to say whether they are sufficient under the law’