Crown Prosecution Service hit with £325k fine for losing DVDs with ‘most intimate details’ of abuse victims

Written by Sam Trendall on 18 May 2018 in News
News

After ICO punishment, CPS claims new digital evidence-transfer system will mean such a breach can never happen again

Credit: PA

After losing unencrypted DVDs containing footage of interviews with 15 victims of child sexual abuse, the Crown Prosecution Service has been hit with a £325,000 fine from the Information Commissioner’s Office.

In response to the punishment, the CPS said that it is rolling out a digital system for transferring evidence to ensure it never again needs to rely on sending sensitive information through the post.

The lost discs “contained the most intimate sensitive details of the victims, as well as the sensitive personal data of the perpetrator, and some identifying information about other parties”, the ICO said. 

In November 2016 they were sent from one CPS office to another via tracked delivery.

The office where they were received was shared by CPS with other organisations. The DVDs, which were “not in tamper-proof packaging”, were sent outside office hours, and were left in the building’s shared reception area, according to the ICO.


Related content


Having gone missing, their loss was not discovered for a month. Victims were not told until March 2017, and the ICO was informed in April. 

It is still not known what happened to the DVDs.

The ICO pointed out that the CPS suffered a data breach in which video evidence was lost  – for which it was fined £200,000 about a year before this incident took place. Despite which, the CPS failed to make sure that “appropriate care was being taken to avoid similar breaches”.

Steve Eckersley, head of enforcement at the ICO, said: “The victims of serious crimes entrusted the CPS to look after their highly sensitive personal data – a loss in trust could influence victims’ willingness to report serious crimes. The CPS failed to take basic steps to protect the data of victims of serious sexual offences. Given the nature of the personal data, it should have been obvious that this information must be properly safeguarded, as its loss could cause substantial distress.

He added: “The CPS must take urgent action to demonstrate that it can be trusted with the most sensitive information.”

A spokesperson for the CPS said that the service is currently implementing a digital system “that allows the secure online transfer of material between the CPS and the police”, including sending video interviews. The introduction of this system “will mean we no longer need to rely on sending discs through the mail”, they said.

“We accept the ICO’s decision that we breached the Data Protection Act and last year contacted victims’ families to explain what had happened and apologise. We also offered to meet families face-to-face,” the CPS spokesperson added.

“There is no indication the material was viewed by any unauthorised person. CPS South East have completely reviewed their systems and processes for the receipt and handling of video interviews to ensure that this situation cannot arise again. The original version of the data was retained by the police, and the defendant pleaded guilty in court. He was given a six-year prison sentence in March 2017.”

CPS said that it will pay the fine before 13 June – which means that it will be reduced to £260,000. 

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

GDS working with departments to mitigate reported leak of sensitive data
23 July 2018

Report reveals that information has been made publicly available online via an information-sharing tool widely used by government developers

National police systems to be moved to AWS
16 August 2018

Home Office seeks suppliers for one-year project to migrate services from datacentre to public cloud

ICO appoints first-ever technology director
15 August 2018

Simon McDougall joins regulator in the role of executive director for technology policy and innovation

 

Related Sponsored Articles

Don’t Gamble with your password resets!
20 June 2018

The cautionary tale of the Leicestershire teenager who hacked high-ranking officials of NATO allies shows the need for improved password security

Intelligent Connectivity: Boosting Flexibility and Control
13 August 2018

At BT, we realise that digital technology is changing the way we all do business. Make smart decisions with intelligent connectivity.

BT: Intelligent Connectivity is where it all begins. Smarter decisions are the end result
7 August 2018

At BT, we realise that digital technology is changing the way we all do business. Make smart decisions with intelligent connectivity.

Building nation-level defences to fight cyber crime
30 July 2018

BT's Mark Hughes argues that nation states should act now to put in place cyber defences to protect themselves from the most advanced threats ever seen.