Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

CPS Under Fire After Rise in Data Leaks

The UK’s Crown Prosecution Service (CPS) is in the dock after recording a sharp rise in device losses, an increase in unauthorized disclosure of sensitive data and rising electronic media losses.

The government agency for criminal prosecutions in England and Wales made 1378 unauthorized disclosures of confidential data in 2018-19, up from 1329 in the previous financial year.

Of these, the majority were low-risk, as the actual data loss was classed as “minor” or “retained within the criminal justice profession who are bound to professional standards of data protection,” the CPS Annual Report and Accounts claimed.

However, the number of “serious” incidents rose from 108 to 115 over the period. In these instances, data loss is significant and/or data is not recovered/not retained within the criminal justice profession.

There was also an 80% increase in lost laptops, tablets and BlackBerrys — from 15 to 27 — although the CPS clarified that in 77% of cases the device was recovered, and in any case they are encrypted to government standards.

Perhaps more alarming is the rise in losses of electronic media and paper documents from secured government premises, which increased by 156% from 2017-18 to 2018-19, to reach 172 incidents. Similar losses from outside secured government premises rose from 36 to 53.

The CPS also played down these findings, claiming that in a majority of cases in both categories the data loss was either “very minor and eventually recovered,” or the incident was “reported but caused by non-CPS staff.”

This is not the first time the prosecution service’s data security processes have come under scrutiny. In 2018, it was fined £325,000 by the Information Commissioner’s Office (ICO) for losing DVDs containing recordings of police interviews with child sex abuse victims.

Given the seriousness of the case and the potential distress it caused to victims, this would certainly have garnered a major financial penalty under the GDPR.

“The CPS is an organization which oversees some of the most sensitive data imaginable. Clearly their information security posture is in need of overall strengthening and improvement, to ensure that the public have complete confidence that critical files are completely protected at all times, from witness statements to court documents,” argued Absolute Software VP, Andy Harcup.

“Such a sharp rise in device losses and unauthorized disclosures of confidential data is a gift to cyber-criminals and fraudsters. It’s vital that the CPS improves its endpoint security measures and reduces the number of data leaks as a matter of urgency.”

Want to learn more about all things information security? Register for the upcoming Infosecurity Magazine Online Summit here!

What’s Hot on Infosecurity Magazine?