CPS fined £200,000 for failing to keep sensitive interviews safe
The Information Commissioner's Office has fined the Crown Prosecution Service (CPS) £200,000 after laptops containing sensitive police interviews were stolen.
Filmed interviews with victims and witnesses in more than 30 active investigations were on the computers, which were taken in a burglary at a Manchester-based media company last year.
The interviewees had described attacks of a violent or sexual nature in the footage, which was being edited for court. The Information Commissioner's Office (ICO) said the laptops had not been kept securely in the premises - a residential flat editors were using as a studio.
It ruled that the Crown Prosecution Service was negligent when it failed to ensure the videos were kept safe and did not take into account the substantial distress that would be caused if the videos were lost.
ICO head of enforcement Stephen Eckersley said handling videos of police interviews containing highly-sensitive personal data was central to what the CPS did, but that it had been “complacent".
“The consequences of failing to keep that data safe should have been obvious to them,” he said.
According to the ICO, many of the victims were vulnerable and had already endured distressing interviews with police. In the videos, they talked openly and referred to offenders by name.
The laptops were recovered by police eight days after the theft and the data is not believed to have been accessed by anyone unauthorised.
Eckersley added: “If this information had been misused or disclosed to others then the consequences could have resulted in acts of reprisal.”
As part of its investigations, the ICO found that the CPS had been engaged in an ongoing contravention of the Data Protection Act because of the way DVDs of police interviews were sent to the firm for editing.
It had delivered unencrypted DVDs to the studios using a national courier firm unless the case was urgent, when the sole proprietor would collect the unencrypted DVD from the CPS in person and take it to the studio using public transport.
The ICO said that remedial action had been taken from September 2014, when the theft occurred.
The CPS said the case was "a matter of real regret" but that it had now "strengthened" arrangements for the secure handling of sensitive material.
One in five feel more at risk
PublicTechnology research shows a big spike in the number of contracts awarded to IT security specialists by public-sector buyers
Auditors uncover £15m in fraud and errors and urge vigilance against dangers posed by pandemic
In a lengthy attempt to find out about the security of government’s software systems, PublicTechnology finds a very uneven approach to transparency and what constitutes sensitive...