Police fined for losing evidence

Humberside Police has been fined £130,000 by the ICO for misplacing sensitive personal data relating to an alleged rape victim.  Three unencrypted disks were put in an envelope to be posted to Cleveland Police and left on an officer’s desk. 

It is unclear whether they were ever actually sent, but apparently the envelope never arrived with the intended recipient. 

The missing data included: the victim’s name, date of birth and signature as well as details about the incident itself, their mental health and the name and address of the suspect.

An ICO investigation found that Humberside Police failed to:

• encrypt the disks before sending (or intending to send) by unsecure mail;
• maintain a detailed audit trail of the package;
• adhere to its own policy on information security.

Steve Eckersley, ICO Head of Enforcement, said:

We see far too many cases where police forces fail to look after disks containing the highly sensitive personal information contained within victim or witness interviews. Anyone working in a police force has a duty to stop and think whenever they handle personal details – making sure they are using the most appropriate method for transferring information and considering the consequences of it being lost before going ahead. Staff training in this area is vital. Police forces deal with such sensitive information that when things go wrong, it’s likely to be serious. This case shows how crucial it is to keep a clear record of what’s been sent, when and who to. 

For more information about this article, or any other aspect of our data privacy solutions, give us a call on 028 9032 2998.  There is no charge for initial telephone advices.