Categories: SecurityWorkspace

ICO Raps Police Forces Over Data Protection

Police forces have been criticised by the data protection watchdog, the Information Commissioner’s Office (ICO), in a report which revealed some alarming lapses, inmcluding how few police forces fully adhere to the 1998 Data Protection Act (DPA).

Improvement Needed

The ICO report took a year to complete and is an audit of seventeen police forces, out of the total 43 police forces within the United Kingdom.

It assessed these police forces on six core areas including their records management, their security of personal data, their data sharing, as well as staff training and awareness. It also examined how the police forces dealt with requests for personal data, and how they adhered to the data protection governance requirements of the DPA.

The ICO found that out of the seventeen surveyed police forces, 59 percent fell within the “reasonable assurance” range (i.e. there was some scope for improvement in their existing arrangements).

But somewhat worryingly, 35 percent of the unnamed surveyed police forces fell within the “limited assurance” range (i.e. there is scope for improvement in their existing arrangements). Only one police force achieved the “high assurance” rating (i.e. limited scope for improving existing arrangements – significant action unlikely to be required).

Many Incidents

It is fair to say that the police have had a chequered past when it comes to their handling of personal data and meeting the requirements of the data protection.

In 2013 Hertfordshire Constabulary was ordered to review its illegal automated collection of people’s number plates. The ICO said the Automatic Number Plate Recognition (ANPR) operation had broken two principles of the Data Protection Act.

And then in 2012, the Metropolitan Police was forced to apologise after it revealed the email address of 1,136 people when it sent out a survey. That same year, Greater Manchester Police was fined £120,000 for failing to keep data properly secure when an unsecured USB stick was stolen from an officer’s home.

In 2011 Lancashire Police censured for breaching the DPA, when they accidentally published sensitive personal details of an individual’s complaint on its website.

And in 2010 a USB stick, said to contain anti-terror training manuals and other sensitive material, was found by a businessman on the pavement outside a Police station in Stalybridge, Greater Manchester.

Are you a pedant on privacy? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago