Only one UK police force has secured top marks from the Information Commissioner’s Office (ICO) for adhering to the Data Protection Act (DPA), after an audit by the data watchdog over a year-long period.
The ICO report focused on 17 forces between April 2013 and April 2014 to assess how the they were adhering to the DPA in six key areas. The 17 forces were not revealed.
The six areas audited covered data-protection governance, records management, handling requests for personal data, the security of personal data, staff training and awareness, and data sharing.
Overall, just one force was graded as providing "high assurance" to the ICO that it is on top of its data-protection requirements. The ICO defines this as: “Limited scope for improving existing arrangements. Significant action unlikely to be required.”
On the next level down, 10 forces gave the ICO only "reasonable assurance" that they are adhering to the DPA as required. This is classed as: "Some scope for improvement in existing arrangements."
Even worse, six forces gave only "limited assurance" to the ICO, classed as "scope for improvement in existing arrangements".
The silver lining was, perhaps, that no force was branded as providing "very limited assurance", which warns of a “substantial risk of non-compliance with DPA”.
However, while no force received this "very limited assurance" rating overall, two forces received this rating for two specific areas. One for records management and the other for data-sharing procedures.
While the audit of 17 forces covers less than half of the 43 forces across the UK,
the audit still paints a worrying picture about how capable police forces are at handling sensitive data affecting both criminals and victims.
V3 contacted the Association of Chief Police Officers (ACPO) for comment on the ICO’s finding, but had received no reply at the time of publication.
The ICO said it thought the findings showed that, by and large, police forces do a good job of keeping data secure, but there is room for improvement.
"Clearly police forces handle sensitive personal data, and we all want to have confidence that that information is being kept in line with the law. Our findings suggest that tends to be the case, with two thirds of the forces needing just a few improvements in the areas we audited," an ICO spokesperson said.
"But there’s no room for complacency. The report contains a list of areas for improvement, and all forces would do well to read it."
Police forces have often fallen foul of the ICO and been hit with large fines as a result. In March Kent Police received a £100,000 fine for leaving sensitive documents – including tape recordings of suspect and witness interviews – in its old offices after it moved headquarters in 2009.
Meanwhile in 2012 Greater Manchester Police (GMP) was fined £120,000 after the theft of an unsecured USB stick containing details on more than 1,000 people with links to serious crime investigations.
Including a 15-inch Intel Core-powered device weighing less than a bag of sugar
Tuomo Suntola's ALD technology extended Moore's Law, but was only adopted by chip-makers in 2007
Trump proposes a $1.3bn fine and a round of firings to un-bork ZTE
Findings could mean new optical frequencies to transmit more data along optical cables