jump to navigation

ICO Fail, DPA Fail, Data Protection Misery November 6, 2015

Posted by Audit Monkey in The Joy & Pain of Internal Audit.
Tags: , , , , ,

I should explain my thoughts behind my Tweet regarding the ICO (Information Commissioner) fining the CPS (Crown Prosecution Service) for a breach of the Data Protection Act (DPA). The BBC’s reporting of this is rather brief, and it implies it was the theft of laptops and unencrypted material in the care of the CPS. (The article can be read here.)

In actual fact, it is a little more complex and I’ve had to turn the ‘Guardian’ newspaper for the detail. According to the Guardian article, the CPS had handed over evidence to a third-party, in this instance a film based company to prepare the video taped interviews with the victims of crime. The actual taping took place in a residential apartment, which was subsequently broken into and two laptops with the video material on was stolen. The apartment was unsecured, i.e. had no alarm and the material on the laptops was unencrypted. Let’s face it, if it was work in progress, I wouldn’t necessarily expect it to be. Fortunately the Police recovered the laptops and the material had not been accessed. The CPS was fined £200,000 by the ICO for not securing the laptops and the possible distress to the victims if the material had been shared.

My view. While the ICO is technically correct, it does seem like a bit of a merry-go-round. From memory, while the data owner (here the CPS) has to ensure that a third-party (the film company) who performs any data processing (editing) adheres to the DPA, any sanction and fine ought to have been levied at the film editing company, not the CPS. I appreciate that the ICO cannot do this, so the CPS takes the hit. Of course, by levying the fine, public and taxpayers money is simply transferred from one budget pot to another. In short, the ICO has engaged in a bureaucratic exercise just to prove a point.


No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: