ICO slams police force for ‘cavalier’ attitude to data after unencrypted interview footage goes missing

Written by Rebecca Hill on 4 May 2017 in News

Greater Manchester Police slapped with £150,000 fine from data protection watchdog for failing to protect sensitive footage of interviews with victims of violent crimes

Greater Manchester Police was fined after three DVDs of interview footage were lost in the post - Photo credit: Pixabay

Greater Manchester Police has been fined £150,000 after three DVDs containing footage of interviews with victims of violent or sexual crimes went missing in the post.

The DVDs - which were unencrypted and contained footage where victims were identifiable - were sent by the force to the Serious Crime Analysis Section of the National Crime Agency by recorded delivery but were not received. They have never been recovered.

The Information Commissioner’s Office investigated the incident, which happened in 2015, and found that the police force had breached data protection law.

The force, it said, had “failed to keep highly sensitive personal information in its care secure, and did not have appropriate measures in place to guard against accidental loss”.

Related content

CPS fined £200,000 for failing to keep sensitive interviews safe
Data blunder leads to £185,000 fine for NHS trust

Sally Anne Poole, the ICO enforcement group manager, said that the public had “every right to expect that their information is handled with the utmost care and respect”, but that the GMP had not done this.

“The information it was responsible for was highly sensitive and the distress that would be caused if it was lost should have been obvious,” she said.

“Yet GMP was cavalier in its attitude to this data and it showed scant regard for the consequences that could arise by failing to keep the information secure.”

The investigation found that the GMP had been sending unencrypted DVDs by recorded delivery to the SCAS - which aims to identify potential serial killers and serial rapists at an early stage in their offending history - since 2009, and only stopped after the 2015 incident.

The GMP said in a statement sent to PublicTechnology that the delivery method was “in accordance with national guidance for sending sensitive information”.

But the ICO ruled that the GMP ought reasonably to have known there was a risk of the breach happening, noting that it was aware that the SCAS only used special delivery - where the package is signed for every time it changes hands, not just by the recipient - for sending confidential information by post.

It added that although “a technical solution such as encryption or remote access was not an option at the time of the security breach through no fault of GMP… ultimately, it was up to GMP to keep the DVDs secure”.

The GMP’s assistant chief constable Rob Potts said that the GMP was now “considering our response to this judgement”, but that it had already stopped using postal delivery for sensitive information following a review of its procedures after the 2015 data breach was discovered.

The force was fined £150,000 by the ICO in 2012 after an unencrypted USB stick was stolen.

Share this page




Please login to post a comment or register for a free account.

Related Articles

Government appoints £2m firm to help build search tool for citizens’ internet records
29 July 2022

Defence contractor BAE Systems wins Home Office contract 

Met Police claims series of Oxford Circus arrests in facial-recognition deployment
20 July 2022

London force claims success from use of controversial technology, which was accompanied by public information effort – as well as protestors

FCDO unit hires £770k consultancy to help shape international defence collaboration platform
18 July 2022

New Hermes platform is intended to provide a ‘modular, scalable solution’

National Crime Agency seeks to boost ranks of digital forensic specialists
15 July 2022

Eight roles on offer to boost technical ranks