The Information Commissioners Office (ICO) has recently criticised Gwent Police, after a staff member accidently emailed the personal records of thousands of individuals to the wrong person. The situation was exacerbated by the fact the person it was sent to, happened to be a journalist!
The ICO has found the force in breach of the Data Protection Act and as such has made the Chief Constable sign an undertaking to ensure these leaks never happen again. The signed undertaking document, available on the ICO website, details the exact breach and the remedial action taken by the force to prevent further leaks.
The email contained a spreadsheet with the details of ten thousand Criminal Record Bureau (CRB) enquiries. Whilst the vast majority of the records contained little information 863 records contained the information of the individual concerned with the CRB enquiry. The email was supposed to be sent to five police staff only, however the email was also cc’d to a journalist. The undertaking states Gwent Police must now introduce technical measures to prevent auto completion of emails within internal and external correspondences.
Anne Jones, assistant ICO Commissioner for Wales released a statement saying “It is essential that staff are aware of and follow their organisation’s security policies. Such a huge amount of sensitive personal information should never have been circulated via email, especially when there was no password or encryption in place. We are pleased that Gwent Police has taken steps to prevent this happening again.”
The ICO held back on releasing the information about the data leak until the force had completed its own investigations.