ICO Hits Another Data Privacy Violator

Bob Styran, IT audit expert
February 14, 2011 /

GWENT, Wales – Police chief inspector Constable Mick Giannasi vowed to implement tighter data handling regulations within Gwent police station after it has seen the ire of the Information Commissioner’s Office for violating data privacy laws.

The ICO said Gwent Police committed lapses when it inadvertently sent 10,000 Criminal Reference Bureau checks to a journalist through email. The email was said to have contained 863 sheets of personal data.

The British government was in the height of its plans to revamp the criminal records system of Gwent when the data privacy breach occurred.

The case is the second in a row of data privacy violations committed by a government entity involving sensitive data being emailed to wrong recipients.

Late in November lat year, the ICO has imposed a financial penalty of £100,000 on Hertfordshire County Council for sending sensitive information to wrong recipients through fax twice in a week.

The council was first accused of violating the data privacy of children, who became victims of sex abuse. According to the ICO, the children’s personal data were sent to ordinary citizens when they were supposed to be forwarded to the barristers’ chambers. The other related case involved the dissemination of court proceedings information days after the first violation took place.

But unlike its action against the Council, the ICO has not penalized Gwent Police.

Anne Jones, ICO’s assistant commissioner for Wales, said Gwent Police should ensure that its staff members know completely its security policies and added that the same should be religiously obeyed.

She said these kinds of personal data should not have been sent through emails, more so if there was the absence of encryption.

Jones, however, commended Gwent Police for taking immediate steps to avoid the same data privacy violation in the future.

Meanwhile, Giannasi said Gwent Police will purchase a new technology that disables the automatic completion of addresses in its accounts, both internal and external.

 

Share your opinion