The police service in Kent has been reprimanded by the Information Commissioner’s Office (ICO) after it was found to have breached regulations governing data protection in what will be the second data leak from a police organisation this month.
The Independent Police Complaints Commission (IPCC) was confronted by ICO representatives last week after it neglected to provide data following on from Freedom of Information requests in 69 separate incidents within the allotted timeframe. Now Kent Police have admitted to the ICO that personal data was lost as a result of poor loss prevention measures.
The ICO’s Graham Smith believes the case of the IPCC will be regarded by other public organisations as an example as to how sluggish action in the face of legal requests backed up by the Freedom of Information Act can have negative repercussions. Clearly this example has not been significant enough in its influence to pre-empt data related problems elsewhere in the organisation.
The latest incident of data loss involves the theft of documents which were removed from a vehicle used by a Kent Police officer as it was parked outside the home of a member of the public. The thief discarded the data and it was subsequently discovered by a concerned citizen and reunited with the authorities at the local police headquarters.
The ICO revealed that Kent Police carried out its own internal inquiry, which determined that the documents should have been transported in a high security briefcase and stored at the officer’s home in a specially designed safe. The officer in question had neither of these items available and so the inadequate security measures resulted in the personal information in question slipping into the wrong hands with relative ease.
The ICO’s Sally-Anne Poole said police organisations are required to adhere to specific security measures when data is in transit or storage and that these measures are tightened when the data in question is of a particularly sensitive nature. Ms Poole said that this incident was likely to be the result of inadequate staff training and managerial awareness as to the requirements.
