Recipient who should not have been on list received details of sex offenders
The Information Commissioner’s Office (ICO) has hit Dyfed-Powys Police with a £150,000 fine for mishandling an email that could be used to identify eight sex offenders.
It follows an investigation that found the email was mistakenly sent to a member of the public, and that the force did not have the right procedures in place to protect people’s personal data.
The error occurred when an officer emailed colleagues with the list – which included names, addresses, telephone numbers and email addresses of the offenders – with information that inferred the nature of their offences. But the message was also sent to a member of a local community scheme after selecting the wrong name from the force’s email address book, which was meant to be used only for internal emails.
The ICO discovered that the book had grown to include frequently used email addresses for people outside of the force. Also, the recipient had received five mails meant for other people in just four days in April 2015.
Anne Jones, the ICO assistant commissioner for Wales, said: “While at first glance this might seem like simple human error, it was made possible by the poor procedures the force had in place around protecting people’s personal data.”
She added: “This was an accident waiting to happen. The force failed to take advantage of earlier opportunities to address the problem, and now faces the consequences of getting it wrong.”
Image by Reategui12,CC BY-SA 3.0 via Wikimedia Commons