PublicTechnology

Police chief signs data-protection undertaking after ICO exposes failings

Jim Dunton March 14, 2016 in Defence and Security, Public order, justice and rights Tagged , - 2 Minutes

The chief constable of Wiltshire has agreed to implement a series of data-protection improvements after a probe by the Information Commissioner’s Office.

An investigation into the 2015 loss of a police handover file – including witness statements related to drugs and imitation firearm offences – revealed institutional shortcomings in staff training, according to a new report from the watchdog.

The report says the file was lost from Wiltshire Constabulary’s internal mail and has never been found. New witness statements were required because no electronic copies of the originals existed.

Related content

ICO recommends Kent County Council improves data training

ICO: ‘Commercial interests trump public interest in ICT bid details’

While the ICO’s evaluation of the data loss identified human error as a factor, it found that the police force had no record of whether the staff member involved in the loss had received data-protection training. 

“Whilst data-protection training was provided to staff at induction, this only related to staff who had been recruited within the last 10 years,” the ICO’s report said.

“The  data controller also confirmed that no data protection training records were maintained in respect of staff employed prior to this date. 

“The commissioner’s investigation further determined that there was no provision of refresher training at the time of the incident and in total only 30% of staff had completed such training.”

The investigation also revealed that three recommendations relating to staff training from a voluntary audit of the force, conducted by the ICO in 2013, had not been implemented in full.

Wiltshire chief constable Mike Veale is the force’s “data controller” under the terms of the Data Protection Act 1998.

The terms of the undertaking he has now signed with the ICO include the introduction of a “suitable method” of delivering data-protection training for staff who handle sensitive personal data; provision for this to be refreshed periodically; and a system of records-management training, monitoring, and reporting to be implemented.

Related Posts

Ministry of Defence signs IBM to £30m deal to support civilian IT systems
April 26, 2024
Chief coroner cites ‘significant impact’ of digital on profession
April 26, 2024
Scottish parliamentarians offered cyber training
April 25, 2024

Jim Dunton

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

Newsletter Signup
Processing...
Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our newsletter
ErrorHere