CPS fined £200k over theft of laptops holding 'sensitive interviews'
Contents included questioning of sex attack victims
The Crown Prosecution Service has been slapped with a £200,000 fine by the Information Commissioner's Office for negligence that led to the theft of laptops containing police interviews regarding violent and sexual cases.
The interviews were with 43 victims and witnesses and involved 31 investigations. Some of those related to historical allegations against a high-profile individual.
Many of the victims were vulnerable and had already endured distressing interviews with police and had referred to the names of the offenders in the videos, said the CPS.
The videos were being edited by a Manchester-based film company so that they could be used in criminal proceedings, but an ICO investigation found the videos were not being kept secure.
The residential flat the studio used was burgled on 11 September 2014 and two laptops containing the videos were stolen.
"The laptops, which were left on a desk, were password protected but not encrypted and the studio had no alarm and insufficient security," said the ICO in a statement.
The police recovered the laptops eight days later and apprehended the burglar. As far as the Commissioner is aware, the laptops had not been accessed by anyone else.
The ICO ruled that the CPS was negligent when it failed to ensure the videos were kept safe and did not take into account the substantial distress that would be caused if the videos were lost.
Head of enforcement at the ICO Stephen Eckersley said: “The CPS was aware of the graphic and distressing nature of the personal data contained in the videos, but was complacent in protecting that information. The consequences of failing to keep that data safe should have been obvious to them.”
He added: “If this information had been misused or disclosed to others then the consequences could have resulted in acts of reprisal.”
The CPS reported the incident to the ICO and informed the victims and witnesses involved. The ICO received complaints from three affected people.
The CPS delivered unencrypted DVDs to the studios using a national courier firm. If the case was urgent, the sole proprietor would collect the unencrypted DVD from the CPS personally and take it to the studio using public transport.
The ICO found that this constituted an ongoing contravention of the Data Protection Act until the CPS took remedial action following the security breach. ®
Sponsored: Beyond the Data Frontier