Police chief signs data-protection undertaking after ICO exposes failings

Written by Jim Dunton on 14 March 2016 in News

The chief constable of Wiltshire has agreed to implement a series of data-protection improvements after a probe by the Information Commissioner’s Office.

An investigation into the 2015 loss of a police handover file - including witness statements related to drugs and imitation firearm offences - revealed institutional shortcomings in staff training, according to a new report from the watchdog.

The report says the file was lost from Wiltshire Constabulary’s internal mail and has never been found. New witness statements were required because no electronic copies of the originals existed.

Related content

ICO recommends Kent County Council improves data training

ICO: 'Commercial interests trump public interest in ICT bid details'

While the ICO’s evaluation of the data loss identified human error as a factor, it found that the police force had no record of whether the staff member involved in the loss had received data-protection training. 

“Whilst data-protection training was provided to staff at induction, this only related to staff who had been recruited within the last 10 years,” the ICO’s report said.

“The  data controller also confirmed that no data protection training records were maintained in respect of staff employed prior to this date. 

“The commissioner’s investigation further determined that there was no provision of refresher training at the time of the incident and in total only 30% of staff had completed such training.”

The investigation also revealed that three recommendations relating to staff training from a voluntary audit of the force, conducted by the ICO in 2013, had not been implemented in full.

Wiltshire chief constable Mike Veale is the force’s “data controller” under the terms of the Data Protection Act 1998.

The terms of the undertaking he has now signed with the ICO include the introduction of a “suitable method” of delivering data-protection training for staff who handle sensitive personal data; provision for this to be refreshed periodically; and a system of records-management training, monitoring, and reporting to be implemented.

Share this page




Please login to post a comment or register for a free account.

Related Articles

FOI: Scottish reform proposals would bring commercial suppliers in scope
5 August 2022

Labour party to introduce bill intended to increase transparency and accountability 

Government appoints £2m firm to help build search tool for citizens’ internet records
29 July 2022

Defence contractor BAE Systems wins Home Office contract 

Met Police claims series of Oxford Circus arrests in facial-recognition deployment
20 July 2022

London force claims success from use of controversial technology, which was accompanied by public information effort – as well as protestors

National Crime Agency seeks to boost ranks of digital forensic specialists
15 July 2022

Eight roles on offer to boost technical ranks