Dyfed-Powys Police Force signs undertaking after multiple data breaches reported
police data breach

Dyfed-Powys Police Force signs undertaking after multiple data breaches reported

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Dyfed-Powys Police Force in Wales signed an undertaking with the Information Commissioner’s Office (ICO) after a number of data breaches over an 18 month period were identified.

The ICO was alerted to the seriousness of multiple incidents that indicated a potential lack of data protection training and protocols. Although none of the breaches appear to have had any underlying malicious intent, the ICO recognised the seriousness of the repeated data breaches.

Multiple incidents reported

One of the incidents reported to the ICO involved sensitive personal data being sent by the Mental Health Team to an individual’s GP surgery by fax. Although the fax was sent to the right place, it was reportedly sent as an “open message” and without the individual’s consent.

ICO investigations reportedly found a distinct lack of appropriate data protection training for police officers and staff at the force. Of 2,258 police officers, 1,204 of them apparently didn’t have any data protection training. For those who did, there was reportedly no programme for refresher training to remind officers of their data protection duties and responsibilities.

A second incident occurred in January 2017 where an officer reportedly shared personal data about a councillor and a neighbour to the clerk of a local council. This officer had no authorisation to do so and it was revealed he had, unsurprisingly, never received any data protection training.

A third incident involved a picture taken on a mobile phone of a police officer’s work space where personal data was visible. This picture was reportedly sent to a family member who had no authority to see this information.

Again, the officer who sent the picture apparently hadn’t received any data protection training…

Not the first time the force has been investigated

Prior to these incidents, there had already been a call for Dyfed-Powys police force to be investigated for a reported string of data breaches. Earlier in 2016, they were found liable for the accidental leak of information belonging to eight convicted offenders. The email containing the confidential information was sent to a member of the public in error and resulted in a substantial £150,000.00 fine for the police force.

The ICO’s undertaking

On 27th September 2017, the ICO published the Undertaking document that details Dyfed-Powys police force’s commitment to comply with the seventh data protection principle.

The seventh principle in the Data Protection Act of 1998 provides:

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Signed by Chief Constable Mark Collins on behalf of Dyfed Powys Police, the undertaking identifies the following actions in order to help the force to actively comply with data protection duties:

  • Data protection training to help officers understand and comply with data protection laws and how to process data properly
  • Refresher training to ensure ongoing compliance with the Act
  • Recording and monitoring training with prompt remedial action when there is any non-compliance
  • Appropriate security measures to prevent unauthorised and unlawful processing, accidental loss, destruction, and/or damage to personal data
  • The force will confirm its plans to implement and commit to the above steps within a month of agreeing to the undertaking

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon