Manchester Police Slapped With £120,000 Data Breach Fine
Manchester police caught napping by the ICO
Greater Manchester Police has been hit with a £120,000 fine for failing to keep data properly secure, placing information in danger when a USB stick was stolen.
A memory stick containing sensitive personal data, including details of more than a thousand people with links to serious crime investigations, was taken from an officer’s home. As there was no password protection on that stick, the Information Commissioner’s Office (ICO) took action.
During its investigation, the data protection watchdog found a number of officers across the force regularly used unencrypted memory sticks, despite a similar breach taking place in 2010.
The Manchester police force has already paid the fine, avoiding a £150,000 penalty by paying early.
“This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,” said David Smith, ICO director of Data Protection.
“It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action.
“This is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes.”
The ICO has fined a significant number of public sector firms since it was given the ability to hand out monetary penalties in April 2010. It recently hit a private firm, however, handing Welcome Financial Services (WFS) a £150,000 fine for a data breach that saw over half a million customers’ details go missing.
Yet last week, the watchdog praised the private sector for its data protection practices, although the data on which its assumptions were based was called into question.
Are you a security guru? Try our quiz!