West Midlands Police breach data 24 times in one year
Loss of technology, misuse of systems and missing encrypted USB devices – those were among 24 data breaches by officers at West Midlands Police in one year.
The breaches over 2016 also included access requests to incorrect addresses and inappropriate disclosure.
The latter was the most common incident within the force with seven cases.
It can include things like wrongly releasing information to third parties such as personal details, sending information to the wrong people or even putting inappropriate things on social media – although West Midlands Police have not provided any specifics on the circumstances surrounding their incidents.
There were five cases of ‘loss of technology’, four of missing USB sticks, three of using insecure emails and three of ‘subject access requests’ – people requesting what information is held about themselves – which were sent to the wrong address.
The other incidents included one breach of ‘inaccurate information’ and another of ‘misuse of systems’, of which no further details have been released at this stage.
Civil liberties group Big Brother Watch has said more needs to be done to tackle the number of data breaches.
The group says it works ‘to ensure that those who fail to respect our privacy, undermine our online security, or fail to protect our personal data, are held to account’.
Last year the privacy activists shone the spotlight on police forces by compiling the number of data breaches between 2011 and 2015, revealing West Midlands Police had committed more than double the number of any other in the period (488).
Their report called ‘Safe in Police hands?’ said: “The job of the police is to protect us and in a digital society that also means protecting our data.
“We need to be able to trust those in authority with our personal information, unfortunately that trust is being regularly undermined.”
The group made five substantial recommendations on the back of the findings including introducing custodial sentences for serious data breaches, giving the culprits a criminal record and informing victims of breaches who are members of the public within 90 days so they can take action.
The other two calls were to remove internet connection records from the Investigatory Powers Bill and adopting General Data Protection Regulations once Britain leaves the EU.
West Midlands Police was not available for comment at the time of print.
