Crown Prosecution Service hit with £325k fine for losing DVDs with ‘most intimate details’ of abuse victims

Written by Sam Trendall on 18 May 2018 in News
News

After ICO punishment, CPS claims new digital evidence-transfer system will mean such a breach can never happen again

Credit: PA

After losing unencrypted DVDs containing footage of interviews with 15 victims of child sexual abuse, the Crown Prosecution Service has been hit with a £325,000 fine from the Information Commissioner’s Office.

In response to the punishment, the CPS said that it is rolling out a digital system for transferring evidence to ensure it never again needs to rely on sending sensitive information through the post.

The lost discs “contained the most intimate sensitive details of the victims, as well as the sensitive personal data of the perpetrator, and some identifying information about other parties”, the ICO said. 

In November 2016 they were sent from one CPS office to another via tracked delivery.

The office where they were received was shared by CPS with other organisations. The DVDs, which were “not in tamper-proof packaging”, were sent outside office hours, and were left in the building’s shared reception area, according to the ICO.


Related content


Having gone missing, their loss was not discovered for a month. Victims were not told until March 2017, and the ICO was informed in April. 

It is still not known what happened to the DVDs.

The ICO pointed out that the CPS suffered a data breach in which video evidence was lost  – for which it was fined £200,000 about a year before this incident took place. Despite which, the CPS failed to make sure that “appropriate care was being taken to avoid similar breaches”.

Steve Eckersley, head of enforcement at the ICO, said: “The victims of serious crimes entrusted the CPS to look after their highly sensitive personal data – a loss in trust could influence victims’ willingness to report serious crimes. The CPS failed to take basic steps to protect the data of victims of serious sexual offences. Given the nature of the personal data, it should have been obvious that this information must be properly safeguarded, as its loss could cause substantial distress.

He added: “The CPS must take urgent action to demonstrate that it can be trusted with the most sensitive information.”

A spokesperson for the CPS said that the service is currently implementing a digital system “that allows the secure online transfer of material between the CPS and the police”, including sending video interviews. The introduction of this system “will mean we no longer need to rely on sending discs through the mail”, they said.

“We accept the ICO’s decision that we breached the Data Protection Act and last year contacted victims’ families to explain what had happened and apologise. We also offered to meet families face-to-face,” the CPS spokesperson added.

“There is no indication the material was viewed by any unauthorised person. CPS South East have completely reviewed their systems and processes for the receipt and handling of video interviews to ensure that this situation cannot arise again. The original version of the data was retained by the police, and the defendant pleaded guilty in court. He was given a six-year prison sentence in March 2017.”

CPS said that it will pay the fine before 13 June – which means that it will be reduced to £260,000. 

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Cyber resilience and the public sector
28 October 2020

The public sector must focus not only on attacks, but on how it responds and recovers from them, Zerto and Cyber Security Scotland told attendees at the recent Local Government ICT Summit

UK pins 'cynical and reckless' Olympic cyberattacks on Russia
20 October 2020

Government attributes 2018 campaign to Moscow and claims more assaults were planned for cancelled 2020 summer games

British Airways data-breach fine cut from £183m to £20m after ICO considers coronavirus impact
16 October 2020

Airline slapped with record penalty by ICO – albeit one that is grossly reduced on the regulator’s original intention

Related Sponsored Articles

Workspace, Not Workplace: How Agile Working Increases Productivity whilst Driving Engagement and Fostering Inclusivity
12 October 2020

2020 has been a year of unprecedented change for the UK public sector. Today’s agile working technology enables you to meet citizen needs in this challenging operating environment by empower your...

Why it is time to change our approach to cybersecurity
29 September 2020

Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security, according to experts from...

Intelligent Spend Management in the Public Sector
24 September 2020

SAP Concur says it's time for the public sector to embrace more efficient invoice management technology

Digital inclusion is vital during the COVID-19 accelerated channel shift
22 September 2020

Accessibility requirements aren’t restrictions that need to be overcome - they’re guidelines to improve online experiences for everyone, says Jadu VP Richard Friend