Once again a public sector organisation has fallen foul of the Information Commissioner and received a hefty monetary penalty for Data Protection Act breaches.
The UK regulator has fined Greater Manchester Police after officers were found to be regularly using unencrypted memory sticks to store personal data. The poor data security practices came to the ICO’s attention following the theft of a memory stick containing sensitive personal data from an officer’s home. The device, which also had no password protection, contained details of more than a thousand people with links to serious crime investigations. Despite similar security breaches in the past, the police force had not put restrictions on downloading information and staff were not sufficiently trained in data protection. The police force paid £120,000 because it took advantage of an early payment discount.