Case study: vulnerable victims’ data

The Information Commissioner’s Office has fined Humberside Police £130,000 for failing to take appropriate and effective steps to secure the video interview of the victim of an alleged rape. The case involved unencrypted discs, containing sensitive personal data, which were left in an envelope in an officer’s desk and went missing.

The force had an Information Security Policy in place but failed to put it into practice and also failed to maintain an audit trail of the data. These two requirements come under extra scrutiny with the GDPR.

The case reiterates the need for accountability and data protection by design and by default. The training of individual staff is of utmost importance.

Details of this latest case can be found here.