Crown Prosecution Service hit with £325k fine for losing DVDs with ‘most intimate details’ of abuse victims

Written by Sam Trendall on 18 May 2018 in News
News

After ICO punishment, CPS claims new digital evidence-transfer system will mean such a breach can never happen again

Credit: PA

After losing unencrypted DVDs containing footage of interviews with 15 victims of child sexual abuse, the Crown Prosecution Service has been hit with a £325,000 fine from the Information Commissioner’s Office.

In response to the punishment, the CPS said that it is rolling out a digital system for transferring evidence to ensure it never again needs to rely on sending sensitive information through the post.

The lost discs “contained the most intimate sensitive details of the victims, as well as the sensitive personal data of the perpetrator, and some identifying information about other parties”, the ICO said. 

In November 2016 they were sent from one CPS office to another via tracked delivery.

The office where they were received was shared by CPS with other organisations. The DVDs, which were “not in tamper-proof packaging”, were sent outside office hours, and were left in the building’s shared reception area, according to the ICO.


Related content


Having gone missing, their loss was not discovered for a month. Victims were not told until March 2017, and the ICO was informed in April. 

It is still not known what happened to the DVDs.

The ICO pointed out that the CPS suffered a data breach in which video evidence was lost  – for which it was fined £200,000 about a year before this incident took place. Despite which, the CPS failed to make sure that “appropriate care was being taken to avoid similar breaches”.

Steve Eckersley, head of enforcement at the ICO, said: “The victims of serious crimes entrusted the CPS to look after their highly sensitive personal data – a loss in trust could influence victims’ willingness to report serious crimes. The CPS failed to take basic steps to protect the data of victims of serious sexual offences. Given the nature of the personal data, it should have been obvious that this information must be properly safeguarded, as its loss could cause substantial distress.

He added: “The CPS must take urgent action to demonstrate that it can be trusted with the most sensitive information.”

A spokesperson for the CPS said that the service is currently implementing a digital system “that allows the secure online transfer of material between the CPS and the police”, including sending video interviews. The introduction of this system “will mean we no longer need to rely on sending discs through the mail”, they said.

“We accept the ICO’s decision that we breached the Data Protection Act and last year contacted victims’ families to explain what had happened and apologise. We also offered to meet families face-to-face,” the CPS spokesperson added.

“There is no indication the material was viewed by any unauthorised person. CPS South East have completely reviewed their systems and processes for the receipt and handling of video interviews to ensure that this situation cannot arise again. The original version of the data was retained by the police, and the defendant pleaded guilty in court. He was given a six-year prison sentence in March 2017.”

CPS said that it will pay the fine before 13 June – which means that it will be reduced to £260,000. 

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Related Sponsored Articles

Case Study: Cryptocurrency, connectivity and the cloud
12 November 2019

BT presents findings from cryptocurrency firm Gemini on how they're providing customers with direct connectivity thanks to the Radianz network

How do changing user expectations shape our approach to security?
29 October 2019

BT interviews Chris Roberts from Cisco to discuss the impact of our fast-paced culture on an enterprise’s network security measure

"Cyber crime is big business": Cyber awareness month
22 October 2019

As part of October’s Cyber Security Awareness Month, BT is sharing their top tips on how keep information secure for both you and your organisation