ICO Fines Prosecutors £325,000 Over Mislaid Police Interviews

The Information Commissioner’s Office (ICO) has fined the Crown Prosecution Service (CPS) £325,000 after the service mislaid DVDs containing recordings of sensitive police interviews.

The DVDs, which were not encrypted, contained interviews with 15 victims of child sex abuse that were to be used at a trial.

The ICO noted that the material included sensitive details about those abused as well as the accused and other parties.

The discs were sent by tracked delivery from a CPS office in Guildford to one in Brighton, with the receiving office located in a shared building. The delivery was made outside of office hours, and discs were left in the reception area, which was accessible to anyone who had access to the building.

Data breach

They were sent in November 2016, but the loss wasn’t discovered until the following month. The CPS notified the victims in March 2017 and reported the incident to the ICO in April.

The CPS was negligent in failing to ensure the recordings were kept safe, the ICO said. In spite of having been fined £200,000 for a separate breach in November 2015, which also involved victim and witness evidence, the CPS hadn’t taken care to prevent similar breaches from occurring again, the ICO said.

“The CPS must take urgent action to demonstrate that it can be trusted with the most sensitive information,” said ICO head of enforcement Steve Eckersley.

The CPS said it accepted the ICO’s decision. The service said it had contacted victims’ families to apologise and that there was no indication the material was viewed by an unauthorised person.

“The original version of the data was retained by the police and the defendant pleaded guilty in court,” the CPS said in a statement.

Digital transfers

The service said CPS South East had reviewed its systems to prevent similar losses and that a new digital system would allow secure online transfers.

“This includes videoed interviews and will mean we no longer need to rely on sending discs through the mail,” the CPS stated.

The service said it would pay the fine before 13 June, meaning it would be reduced to £260,000.

The introduction into enforcement of the General Data Protection Regulation (GDPR) on 25 May is set to greatly increase the amount of fines that European data protection agencies can impose.

How much do you know about privacy? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago