A Welsh police force has been fined £150,000 after an email that could have identified eight sex offenders was mistakenly sent to a member of the public.
An investigation by the Information Commissioner’s Office (ICO) found that Dyfed-Powys Police did not have the necessary procedures in place to keep such information secure.
The mistake occurred when an officer attempted to email colleagues with a list of information on eight people based in Powys who are on the sex offenders' register, including their names, addresses, telephone numbers and email addresses.
However, the officer sent the email to a member of a local community scheme after selecting the wrong name in the force’s email address book. The recipient of the email was the first name in the alphabetical list, and ended up receiving five emails meant for other people in four days in April 2015.
The member of the public alerted Dyfed-Powys Police to the mistakes on each occasion and urged the force to stop it happening it again.
The email system was designed to be used only for internal emails, but the ICO investigation found that it had grown to contain frequently used email addresses for people outside the force. In total 85 email addresses had been added to the system, 45 of which were classed as 'not secure'.
Anne Jones, ICO assistant commissioner for Wales, explained that there were clearly major failings in applying technology that could have stopped the emails being sent.
“While at first glance this might seem like simple human error, it was made possible by the poor procedures the force had in place around protecting people’s personal data,” she said.
“This was an accident waiting to happen. The force failed to take advantage of earlier opportunities to address the problem, and now faces the consequences of getting it wrong.”
The incident is just the latest in a long line of data loss incidents at UK police forces over the years. The ICO fined South Wales Police £160,000 after a DVD data loss in 2015 and Greater Manchester Police was fined £120,000 after the theft of an unsecured USB stick containing details on over 1,000 people in 2012.
Connexin drops out of Ofcom auction due to start next week
SwiftKey users now send two billion emoji every week
Recruitment plans are 'most ambitious ever', claims Openreach HR director Kevin Brady
Samsung's under-the-hood improvements separate the S9 from the pack when it comes to the display