Last Friday was not a good day for the Gwent Police in the UK. The personal information of 10,000 people was accidentally emailed by the Gwent Police to a journalist at The Register, resulting in the first major UK data loss since new fines were introduced by the UK Information Commissioner.
It was bad enough that a Microsoft Excel spreadsheet containing birth dates and criminal record checks was sent unencrypted and without password protection. To accidentally include in the CC: field, the email address of a journalist at The Register turned this into a high profile data breach. The Register email address was in the system because it had been used earlier for two unrelated Freedom of Information requests.
IT staff were immediately called in to tighten security measures to avoid similar incidents occurring in the future. As a minimum that should include a secure file transfer system, content monitoring and filtering and data encryption.
While The Register has cooperated with Gwent Police in deleting the file they did not feel compelled to comply with requests not to mention this story.
No related posts.