Tuesday, February 22, 2011

ICO raps Gwent Police for emailing 10,000 CRB checks to journalist

Gwent Police has been found to have breached the Data Protection Act
(DPA) after it accidentally emailed the results of 10,006 Criminal
Reference Bureau (CRB) checks to a journalist.

A CID data management staff member at Gwent Police mistakenly copied
the journalist, from online news site The Register, into an email that
contained a spreadsheet of the CRB results. The IT staff member was
using the auto-complete function in Novell’s email software and had
intended to send the email to five police staff colleagues.

Although the Microsoft Excel file did not contain details of criminal
convictions, and the information was not identifiable, 863 of the
records highlighted incidents with the police, as well as providing
full names, dates of birth and occupation.

The Register said that it had deleted the file after Gwent Police’s
professional standards officers travelled to their London offices two
days after being contacted.

The police force criticised the member of staff for sending the email
without following its IT security policies around the importance of
password protection and only sharing information when absolutely
necessary.

Although Gwent Police have taken steps to avoid such a breach occurring
again, Anne Jones, assistant commissioner for Wales, said: “Such a
huge amount of sensitive personal information should never have been
circulated via email, especially when there was no password or
encryption in place.”

The police force has agreed to implement stricter rules to ensure that
wherever possible, information is accessed directly via secure
databases, and to stop the use of generic passwords. It will also
install new technology to prevent the inappropriate auto-completion of
addresses in internal and external email accounts.

This data breach comes as the UK government announced the new
Protection of Freedoms Bill, which Home Secretary Theresa May said
will boost citizens' privacy rights and protect them from unwarranted
state intrusion in their private lives.

For example, the Bill will see the deletion of DNA samples and
fingerprints of innocent people from police databases, and the
extension of the scope of the Freedom of Information Act (FOI).

Christopher Graham, Information Commissioner, welcomed the Bill,
saying that it addresses issues that the ICO has been concerned with
for a long time.

“I support the Bill’s aims of strengthening privacy, delivering
greater transparency and achieving improved accountability, as well as
greater independence for the ICO.

“The detail of these important provisions will need careful
consideration. The current proposals on improved regulation of CCTV
and ANPR (Automatic Number Plate Recognition systems) are limited to
the police and local government only but their use is much more
widespread. We will be examining all of the Bill’s provisions closely
to be satisfied that they will deliver in practice,” he said.
