Around 10,000 CRB checks land in the wrong inbox

 
Carl Palmer – Take a Walk in Their Shoes In his latest blog for Infologue Carl Palmer, Exec Chairman at CIS Security writes about his experiences on the Clipper Boat Race, his business approach and how one has influenced the other. Read on »
Paul Atherton – Enabling Technology to Drive Commercial Benefit In his first blog Paul Atherton, Chief Sales & Marketing Officer at Kings Security discusses what is possible for security in integrating new innovative technologies. Read on »
Bob Forsyth – Cloud Technology, trajectory of the future In his latest blog for Infologue Bob Forsyth, Chief Executive Officer at Kings Security writes about Cloud Technology and its prospective applications for the security sector.  Read on »
Thursday, 15 November 2018

Around 10,000 CRB checks land in the wrong inbox

Gwent Police is taking remedial action after the Information Commissioner’s Office (ICO) found it in breach of the Data Protection Act for accidentally emailing results of Criminal Reference Bureau (CRB) checks performed by the force to a member of the public.

An email containing a spreadsheet of the results of around 10,000 CRB enquiries was mistakenly sent to a website journalist when a staff member at Gwent Police inadvertently copied the wrong person into the email. 863 of the records indicated that the individual had personal information recorded but no details of criminal convictions were disclosed and the nature of the information was not identifiable.

A subsequent investigation conducted by Gwent police criticised the member of staff responsible for circulating the email after the individual failed to follow the force’s IT security policies regarding the importance of password protection and only sharing information that is absolutely necessary.

Anne Jones, Assistant Commissioner for Wales, said:

“It is essential that staff are aware of and follow their organisation’s security policies. Such a huge amount of sensitive personal information should never have been circulated via email, especially when there was no password or encryption in place.  We are pleased that Gwent Police has taken steps to prevent this happening again.”

The undertaking was agreed in August 2010. However, as disciplinary proceedings at Gwent Police were underway, the ICO did not publish the undertaking at that time.

Mick Giannasi, the then Chief Constable of Gwent Police, has signed a formal undertaking agreeing to put in place a number of steps to prevent a similar breach from happening again. Gwent Police will implement stricter rules to ensure that wherever possible information is accessed directly via secure databases and the use of generic passwords will stop. The undertaking also requires new technology to be brought in to prevent the inappropriate auto completion of addresses in internal and external email accounts.

A full copy of the undertaking can be viewed here:
http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings

ICO Website


Leave a Reply

Your email address will not be published. Required fields are marked *

*

Interconnective Security Products