The UK Information Commissioner's Office (ICO) today announced that the Greater Manchester Police has been fined £120,000 for a failure to protect personal data.
"A memory stick containing sensitive personal data, including details of more than a thousand people with links to serious crime investigations, was taken from an officer’s home," writes TechWeekEurope's Tom Brewster. "As there was no password protection on that stick, the [ICO] took action."
"The USB drive, belonging to [a] Greater Manchester Police drugs squad detective, is also understood to have included details of police operations, potential targets for arrest and names of officers," writes The Independent's Kim Pilling.
"Delving deeper, the ICO found that a number of officers across the force regularly used unencrypted memory sticks, which it said may also have been used to copy data from police computers to access away from the office," writes TechEye's Andrea Petrou.
"A similar security breach in September 2010 had prompted no change in culture, the ICO said," writes The Register's Anna Leach. "In 2010 a businessman found a mislaid Greater Manchester Police branded memory stick that contained sensitive anti-terrorism materials."
"This was truly sensitive personal data, left in the hands of a burglar by poor data security," ICO director of data protection David Smith said in a statement. "The consequences of this type of breach really do send a shiver down the spine. It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action."
"The fine is only the second time a police force has been hit by a fine from the ICO as the data watchdog continues to take public sector organisations to task for shoddy data handling practices," notes V3.co.uk's Dan Worth.