British coppers lose drug squad data, get fined thousands

British coppers lose drug squad data, get fined thousands

Summary: Manchester police force has been fined £150,000 by the UK's data protection watchdog after an unencrypted USB stick containing 11 years of data on serious crimes was stolen from a policeman's house in a burglary.

SHARE:

Greater Manchester Police has been fined £150,000 over the theft of a memory stick with information on more than a thousand people involved in drug squad probes.

Police
Manchester police have been hit with a £150,000 fine over a lost USB stick containing sensitive data.

The unencrypted USB stick was stolen in a burglary of a police officer's home in July 2011, the Information Commissioner's Office said on Tuesday. The device, which had no password protection, was left in a wallet on the kitchen table, according to the privacy watchdog.

It contained personal data on 1,075 people gathered over 11 years by the officer, who worked in the Manchester police force's serious crime division, including its drug squad. The information was downloaded from files held on the force's network, to act as a backup and a quick reference while the detective was out and about.

"This was truly sensitive personal data, left in the hands of a burglar by poor data security," David Smith, the ICO's director of data protection, said in a statement. "The consequences of this type of breach really do send a shiver down the spine."

"It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action," he added.

The force had issued the police officer with an encrypted memory stick, but the detective replaced this with a bigger-capacity USB when it got full. The stolen USB has not been recovered.

According to the ICO, several members of the Manchester police regularly used unencrypted memory sticks, even though the force had been warned about data protection after a similar security breach two years ago.

The privacy watchdog took this previous incident into account when deciding to hit the Manchester force with the £150,000 penalty. However, the force will only cough up £120,000, as it is taking advantage of an early payment discount of 20 percent. Under powers granted a few years ago, the ICO can fine organisations up to £500,000 for breaches.

"This is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes," Smith said.

The squad has now put in place security measures to stop downloads of data to unauthorised devices. In an amnesty held after the data breach, Manchester officers handed in about 1,100 personal or unencrypted USB sticks.

Topics: Security, Privacy, Storage, United Kingdom

Karen Friar

About Karen Friar

Karen Friar is news editor for ZDNet in the UK, based in London. She started out in film journalism in San Francisco, before making the switch to tech coverage at ZDNet.com. Next came a move to CNET News.com, where she looked after west coast coverage of business technology, and finally a return to her homeland with ZDNet UK.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Say "oops"

    Lots of people (particularly techies) carry flash drives around now, so it's important to consider the implications of losing one. If you don't want some random individual to have the file and you must have it with you, then it must be encrypted; period.
    John L. Ries
  • Why are they storing sensitive information on a USB stick to begin with?

    Why are they storing sensitive information on a USB stick and allowing him to take it home to begin with?
    CobraA1