The Information Commissioners Office (ICO) has slapped a police force with a £120,000 penalty after it was found guilty of a serious data breach.
Greater Manchester Police was taken to task following an ICO investigation prompted by the theft of a memory stick containing sensitive personal data from an officer’s home. The device, which had no password protection, contained details of more than a thousand people with links to serious crime investigations.
Delving deeper, the ICO found that a number of officers across the force regularly used unencrypted memory sticks, which it said may also have been used to copy data from police computers to access away from the office.
It said it was about time for the force to learn its lessons after a similar security breach in September 2010. The force was found to have neglected to put restrictions on downloading information, or sufficiently training staff in data protection.
The ICO imposed a penalty of £150,000. However, as the force paid it early it was able to take advantage of a 20 percent early payment discount, bringing the costs down £120,000.
David Smith, ICO Director of Data Protection, said it should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action.