Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Dyfed-Powys Police Force in Wales signed an undertaking with the Information Commissioner’s Office (ICO) after a number of data breaches over an 18 month period were identified.
The ICO was alerted to the seriousness of multiple incidents that indicated a potential lack of data protection training and protocols. Although none of the breaches appear to have had any underlying malicious intent, the ICO recognised the seriousness of the repeated data breaches.
One of the incidents reported to the ICO involved sensitive personal data being sent by the Mental Health Team to an individual’s GP surgery by fax. Although the fax was sent to the right place, it was reportedly sent as an “open message” and without the individual’s consent.
ICO investigations reportedly found a distinct lack of appropriate data protection training for police officers and staff at the force. Of 2,258 police officers, 1,204 of them apparently didn’t have any data protection training. For those who did, there was reportedly no programme for refresher training to remind officers of their data protection duties and responsibilities.
A second incident occurred in January 2017 where an officer reportedly shared personal data about a councillor and a neighbour to the clerk of a local council. This officer had no authorisation to do so and it was revealed he had, unsurprisingly, never received any data protection training.
A third incident involved a picture taken on a mobile phone of a police officer’s work space where personal data was visible. This picture was reportedly sent to a family member who had no authority to see this information.
Again, the officer who sent the picture apparently hadn’t received any data protection training…
Prior to these incidents, there had already been a call for Dyfed-Powys police force to be investigated for a reported string of data breaches. Earlier in 2016, they were found liable for the accidental leak of information belonging to eight convicted offenders. The email containing the confidential information was sent to a member of the public in error and resulted in a substantial £150,000.00 fine for the police force.
On 27th September 2017, the ICO published the Undertaking document that details Dyfed-Powys police force’s commitment to comply with the seventh data protection principle.
The seventh principle in the Data Protection Act of 1998 provides:
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
Signed by Chief Constable Mark Collins on behalf of Dyfed Powys Police, the undertaking identifies the following actions in order to help the force to actively comply with data protection duties:
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020