Gwent Police slammed by ICO for emailing thousands of records

The ICO says that the force was in breach of the Data Protection Act (DPA) and, in view of this, the Chief Constable of Gwent has had to sign an undertaking to ensure the leaks never happen again.

Infosecurity notes that a copy of the signed undertaking has been published on the ICO's website and that it details the remedial action taken by the force to prevent further leaks.

The email is said to have contained a spreadsheet with the details of ten thousand Criminal Record Bureau (CRB) enquiries.

According to Gwent Police, whilst the majority of the records contained little information, more than 800 of them contained the information of the individual concerned with the CRB enquiry.

The email was supposed to be sent to five police staff but was inadvertently cc-ed to a journalist, causing the message to leave the police email network.

The force has now agreed to introduce technical measures to prevent the auto completion of emails on their systems.

Anne Jones, the assistant ICO commissioner for Wales, said that it is essential that staff are aware of and follow their organisation's security policies.

"Such a huge amount of sensitive personal information should never have been circulated via email, especially when there was no password or encryption in place. We are pleased that Gwent Police has taken steps to prevent this happening again", she said.

According to the ICO, details of the DPA breach have been held back whilst the force completed its own investigations.

What’s hot on Infosecurity Magazine?