17 October 2012

The ICO imposed a monetary penalty of £150000 after an investigation into a data breach at Greater Manchester Police Force.  The Force paid the discounted sum of £120000 for early payment.

The breach occurred following a theft at an officer’s home, where a memory stick was stolen containing sensitive data of over a thousand people with links to serious crime investigations.

The stolen memory stick had no password protection and the data was not encrypted.  Further investigation into the data security within the force concluded that many of the officers utilised unencrypted memory sticks regularly, holding sensitive data, to use away from the office. This imposed serious security risk.

In 2010 the force faced a similar security breach however have failed to put security policies in place following this.

Poor security has led to sensitive personal data being placed in the hands of a criminal.  This could have easily been avoided with the correct security in place and proper training.