UK Police Fined £120,000 for Data Breach
Greater Manchester Police received a fine of £120,000 from the Information Commissioners Office following the theft of an unencrypted memory stick from a police officer’s home.
Having no password protection and with details on more than 1,000 people linked to serious crime investigations, the memory stick theft is considered a serious data breach. The ICO found that other unencrypted memory sticks were also used by officers to copy sensitive data that was accessed from remote locations.
“This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,” said David Smith, ICO Director of Data Protection. “It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action.”
The ICO reviewed a similar security breach in September 2010 when insufficient restrictions on downloaded materials were investigated following a similar event. Although the imposed Civil Monetary Penalty originally totaled £150,000, a 20 percent discount was set because the fine was paid ahead of the due date.
“This is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes,” said Smith.