The UK Information Commissioner's Office (ICO) has slapped the Greater Manchester Police force with a £150,000 fine (reduced to £120,000 for early payment) after a memory stick containing sensitive data about serious crimes was stolen from the home of a police officer.
The ICO has the power to levy such fines if an investigation determines that sensitive data has been put at risk courtesy of a lack of proper data protection being in place. In this particular case it must have been a very quick investigation, filed under the no-brainer category, seeing as the data was being stored on a memory stick which the officer had seen fit to take home with him. A memory stick which required no password in order to access the information held upon it. Information that was stored without any encryption being applied. Information which included details concerning in excess of a thousand people with links to 'serious crime investigations' apparently.
The breach occurred when a burglar broke into the home of the officer and the memory stick was amongst the items stolen during that robbery. According to the ICO, Greater Manchester Police officers regularly used such unencrypted memory sticks. This despite a very similar breach having taken place in 2010, the lessons from which were obviously not learned and which led the ICO to conclude that the police force was not properly trained with regards to data protection matters.
ICO Director of Data Protection, David Smith, insists that it should have "been obvious to the force that the type of information stored on its computers meant proper data security was needed" and that the consequences of such a breach leaving this information in the hands of a burglar sends "a shiver down the spine".