The ICO has issued South Wales Police with a £160,000 fine for losing a video recording which formed part of the evidence in a sexual abuse case.
The DVDs contained film of an interview with a victim, who had been sexually abused as a child. Despite the DVDs containing a graphic and disturbing account, the discs were unencrypted and left in a desk drawer.
The recorded interview took place in August 2011 and the loss was discovered by staff after an office move in October 2011 but the security breach then went unreported for nearly two years due to lack of training. Although the DVDs were stored in a secure part of the police station, South Wales Police had no specific force-wide policy in place to deal with the safe storage of victim and witness interviews in its police stations.
A second interview had to be abandoned due to the victim’s distress and the DVDs have still not been recovered. The defendants were eventually convicted in court.
Anne Jones, Assistant Commissioner for Wales said: “Without any doubt we would expect a professional police force, in a position of trust, dealing with this type of highly sensitive information from victims and witnesses on a daily basis to have robust procedures to keep track of the personal data in their care.
“The organisation has failed to take all appropriate measures against the unauthorised processing and accidental loss of personal data. This breach is extremely serious and despite guidance from our office, the Ministry of Justice and Association of Chief Police Officers stating it is essential to have a policy on storing this sort of information they still haven’t fully addressed the issue.
“The monetary penalty given to South Wales Police should send a clear message that organisations have to take responsibility for personal data and the way in which it is stored.”
In addition to the monetary penalty, the Information Commissioner has asked the police force sign an undertaking to ensure the changes are made to implement policies to stop any incidents happening again.