AN UNENCRYPTED MESSAGE FROM THE INFORMATION COMMISSIONER
by Matt Gallagher on October 17, 2012
I have called for GMP to be more transparent after the Information Commissioner fined the force £120,000 as a result of an unencrypted memory stick containing sensitive data being stolen from an officer’s home.
*The information watchdog found that officers regularly used unencrypted memory sticks to store data from police computers and take it out of the office.
It said the force had seen a similar breach in September 2010, but had failed to restrict information downloads and that staff had not been given sufficient data protection training.
“The consequences of this type of breach really do send a shiver down the spine,” said David Smith, the ICO’s director of data protection.
“This was truly sensitive personal data, left in the hands of a burglar by poor data security.
“It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action.”
Smith added that the “substantial monetary penalty” reflected “the significant failings the force demonstrated”.
“We hope it will discourage others from making the same data protection mistakes,” he said.
Assistant chief officer Lynne Potts from Greater Manchester Police said the breach was “very much an isolated incident”.
“We take all matters relating to the storage of data extremely seriously and have stringent measures in place to ensure the safe storage of data,” she said.
This response from GMP does not address public concern that the stolen data may have been used to harm those it identifies, or could yet be used for that purpose.
GMP needs to reassure the public that the data does not identify anyone who could be targeted by criminals, or that appropriate measures have been taken to alert those who might be at risk.
With the force refusing to respond to calls to release the findings of its internal enquiry, members of the public may be forgiven for thinking that it is being over-sensitive after making an embarrassing mistake. We are in a new age, when any police force that makes a mistake is well advised to be as open, frank and self-critical as possible, and transparent about the steps it has taken to put things right.
As a retired police officer my personal data is doubtless stored on the GMP computer system. I am as concerned as anyone that this data is secure.
I am due to meet with the Chief Constable soon and I intend to raise my concerns about this incident. I shall seek an assurance that no one is at risk from this data falling into the wrong hands.
I would also appeal to the Information Commissioner to use their discretion and require GMP to invest some of this massive fine in assisting the force to provide security training and technical measures to ensure this incident isn’t repeated, including ISO27001 information security compliance and endpoint control.
This is public money; it should be used as usefully as possible.
*Public Service.co.uk

3 comments
I think your suggestion about reinvesting the fine into security training is fantastic! Really makes sense to make sure the end result of the ICO’s decision benefits the taxpayers of Manchester.
by Dave Page on October 17, 2012 at 10:41 pm.
The Information Commissioner does not have any discretion about how the money is used. The fine is paid to the ICO and then passed on in full to the Treasury.
by Tim Turner on October 19, 2012 at 7:37 am.
Tim, the Information Commissioner does set the level of the fine, and could easily set a lower level if the GMP agreed to spend the remainder on technical measures and training to improve data security.
by Dave Page on October 30, 2012 at 4:41 pm.