Brit prosecutors fined £325k after losing unencrypted vids of police interviews The UK's Information Commissioner's Office has slapped a £325,000 fine on the Crown Prosecution Service for losing unencrypted recordings of highly sensitive police interviews. The DVDs contained interviews with 15 victims of child sex abuse, including intimate details of the victims, sensitive personal data of the perpetrator …
The Clown Prosecution Service clearly didn't learn last time, yet again they do it, and all that happens is the moving of taxpayer's money from one branch of government back to the Treasury. The only people who suffer are the victims of crime.
If there's no personal accountability, nothing will change. Somebody, or several people should have at the very least been dismissed, or subject to personal prosecution.
As pointed out above, fining the CPS is a pointless exercise, but with a little tweaking it could be massively effective. What you first need to realise is that the "CPS" didn't make these mistakes; people did. Senior managers are paid a good salary to make sure their departments work smoothly, meet objectives, and stay within the rules. They get bonuses when this happens. Even if it was a mistake by an overworked drone that caused the individual problem, the responsibility lies with management.
The tweak that is needed is to take the fine from the budget for CPS senior manager bonuses. I expect that this suggestion will meet with protest but I emphasise that I am not proposing reducing their pay, only their bonus for a job well done; which it wasn't
Suspect the 'fine' would need to be taken from the bonuses in a fashion similar to your car insurance no claims discount. So they only get the full bonus if they have had several years of no 'claims', thus an incident like this will impact several years worth of bonuses.
Parts of the government fining other parts of the government are meaningless in real terms.
For such things to have any real effect, responsible people must be just that, be held responsible and dealt with accordingly.
Job loss or a personal fine etc would be more meaningful than a 'don't do it again' and a fine for the department.
Fines are meaningless.
In other areas, (e.g. Health & Safety) a board member is ultimately responsible at a company. We need a change in the law to force one board member to be responsible for data protection. That way, there is one, clearly identifiable person, who can be held accountable and sent down when their organization screws up.
"Doesn't the GDPR do this (make a nominated person - probably very senior - ultimately culpable)?"
Even better. Although a DPO has to be nominated there are provisions for directors or other senior officers to be held responsible and although the actual words aren't used that's effectively ex officio. IIRC the relevant section of the new Bill (should it ever get through Parliament) is S191.
No... the punishment required them to be hanged for a length of time then taken down before death (hence not hung), drawn (the process of having ones innards made outards ) before finally quartered (if the executioner was really skilled whilst still alive. Gutted and all, torn 4 ways).
A rather barbaric practice and not really all that helpful for rehabilitation...
I think that's slightly harsh. People have been using the Royal Mail to send confidential data - bank statements, cheques, deeds, court summons, plots to overthrow the government, porn, contracts, medical records, tax returns, mortgage applications - for 400 years. We, as a society including the courts, government and general population, have always treated the post and private couriers as secure. Much more secure than email.
This concept of having to encrypt is very new. CPS don't encrypt faxes and I doubt very much if they encrypt paper letters.
In fact I'll bet that the ICO sent their communications about this case in the clear by paper post.
There really are people holding down highly responsible, important jobs which involve the handling of incredibly sensitive personal data—which is also evidence for the trial of serious crimes—who are so abjectly lazy, incompetent, ignorant or plain stupid that they commit this stuff to portable media without encrypting it.
Who has lost their job for this pitiful incompetence?
"The DVDs were sent by tracked delivery between two CPS offices outside office hours and left in reception."
I'm surprised that all such sensitive material isn't stored in an encrypted form that can only be accessed with some kind of a card reader. That way when the DVD/Laptop gets stolen/is left on the tube, the contents aren't available to any third party.
...when a government body is fined? Say £1m?
They either ask for another £1m in their budget (making the fine completely pointless)...
...or they make a £1m saving in their budget, Now, they can't sack any staff, so all they can do is withdraw service. In which case the taxpayer gets punished twice - once with maladministration and the second time by having to suffer worse potholes in the roads, or whatever that department provided......
This is completely pointless and is akin to one hand taking money from the other, the money from the ICO fines will most likely go into the HM Treasury Consolidated Fund, which also happens to fund a large part of the Crown Prosecution Service...
I would rather the money go towards paying the victims some compensation and the rest be used to train the departments involved to be more careful.
....using the password
password123
for their new digital delivery system of interview footage and leaving it on a PostIT note stuck on a monitor in the police station reception in view of all the members of public coming in to report stuff.
"Because everyone kept forgetting the password and it was easier than calling IT to have it reset".
I bet we'll be reading that next.
As the CPS will pay the ICO fine before 13 June, it will cough up a reduced amount of £260,000.
Anybody would think from this that the offence is akin to some kind of glorified parking fine. What kind of attitude is it that allows a body like the CPS - the same body who always press for the maximum penalty - to enjoy a reduction in sanction as some sort of reward for simply saying sorry?
why put it on a DVD for it to be at risk of getting lost lost?
uploading the videos to YouTube and not listing them or marking them as private is probably more secure than putting it unencrypted on a disk and throwing it in a letterbox.....
at least that way they cold at least claim they tried to keep it secure. In even 2016 there is no reason why these videos needed to be on physical media.
Boffin icon out of irony,,,, it really is not that hard....
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
