Greater Manchester Police received a fine of Â£120,000 from the Information Commissioners Office following the theft of an unencrypted memory stick from a police officerâ€™s home.
Having no password protection and with details on more than 1,000 people linked to serious crime investigations, the memory stick theft is considered a serious data breach. The ICO found that other unencrypted memory sticks were also used by officers to copy sensitive data that was accessed from remote locations.
â€œThis was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,â€ said David Smith, ICO Director of Data Protection. â€œIt should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action.â€
The ICO reviewed a similar security breach in September 2010 when insufficient restrictions on downloaded materials were investigated following a similar event. Although the imposed Civil Monetary Penalty originally totaled Â£150,000, a 20 percent discount was set because the fine was paid ahead of the due date.
â€œThis is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes,â€ said Smith.