ICO levies £120,000 fine on Manchester coppers for USB stick loss

THE UK INFORMATION COMMISSIONER'S OFFICE (ICO) has levied a fine of £120,000 on the Greater Manchester Police (GMP) over the theft of an unsecured USB stick listing more than 1,000 people with links to serious crime investigations.

The fine is only the second time a UK police force has been hit by a fine from the ICO as the data watchdog continues to take public sector organisations to task for shoddy data handling practices.

The USB stick was stolen from the home of an officer in the GMP in July 2011 when a burglar stole a wallet in which the device was kept. It has never been recovered.

The ICO discovered that it contained no password or encryption protection and that the use of memory sticks in this manner was commonplace among the force.

An amnesty from the GMP for unsecured USB sticks in use among officers saw over 1,000 handed in.

Furthermore, a similar incident occurred in 2010, but no policies were put in place as a result and staff were not given sufficient data protection training, the ICO said.

As a result, it issued a fine against the organisation that was initially pegged at £150,000, but because the GMP paid early it was reduced to £120,000.

The ICO's director of data protection, David Smith said the sensitive nature of the information lost by the police force sent "a shiver down the spine".

"This was truly sensitive personal data, left in the hands of a burglar by poor data security," he said.

"It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action."

He added that he hoped the size of the fine would make other forces realise the importance of data protection.

The INQUIRER contacted the GMP for comment, but had received no reply at time of publication.

To date the vast majority of the ICO's fines have centred on public sector organisations, including councils and NHS Trusts, with fines ranging from around £70,000 to as high as £250,000.

However, the organisation has promised that two private sector spam text sending firms will be hit with fines totalling over £250,000 in the coming weeks. µ

This article was originally published on V3.