Around 10,000 CRB checks land in the wrong inbox

 
David Ward – Protecting our businesses from Cyber attacks In his blog for infologue David Ward, CEO at Ward Security discusses the importance of cyber awareness & why integrating physical and cyber security is crucial Read on »
UK OSPAs Winners Announced The UK Outstanding Security Performance Awards (OSPAs) event took place at the Royal Lancaster in central London on 28th February 2019, with over 450 security professionals attending. Read on »
An Interview with Ken Palmer, Founder of CIS Security Ken Palmer, Founder of CIS Security reflects on how the security industry has developed over the past 50 Years; from SIA Licencing to the current political climate Read on »
Tuesday, 26 March 2019

Around 10,000 CRB checks land in the wrong inbox

Gwent Police is taking remedial action after the Information Commissioner’s Office (ICO) found it in breach of the Data Protection Act for accidentally emailing results of Criminal Reference Bureau (CRB) checks performed by the force to a member of the public.

An email containing a spreadsheet of the results of around 10,000 CRB enquiries was mistakenly sent to a website journalist when a staff member at Gwent Police inadvertently copied the wrong person into the email. 863 of the records indicated that the individual had personal information recorded but no details of criminal convictions were disclosed and the nature of the information was not identifiable.

A subsequent investigation conducted by Gwent police criticised the member of staff responsible for circulating the email after the individual failed to follow the force’s IT security policies regarding the importance of password protection and only sharing information that is absolutely necessary.

Anne Jones, Assistant Commissioner for Wales, said:

“It is essential that staff are aware of and follow their organisation’s security policies. Such a huge amount of sensitive personal information should never have been circulated via email, especially when there was no password or encryption in place.  We are pleased that Gwent Police has taken steps to prevent this happening again.”

The undertaking was agreed in August 2010. However, as disciplinary proceedings at Gwent Police were underway, the ICO did not publish the undertaking at that time.

Mick Giannasi, the then Chief Constable of Gwent Police, has signed a formal undertaking agreeing to put in place a number of steps to prevent a similar breach from happening again. Gwent Police will implement stricter rules to ensure that wherever possible information is accessed directly via secure databases and the use of generic passwords will stop. The undertaking also requires new technology to be brought in to prevent the inappropriate auto completion of addresses in internal and external email accounts.

A full copy of the undertaking can be viewed here:
http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings

ICO Website


Leave a Reply

Your email address will not be published. Required fields are marked *

*

Interconnective Security Products