Kent Police has been fined £80k by the Information Commissioner's Office (ICO) after sensitive personal details of a woman who accused her partner of domestic abuse were passed to the suspect, who was a police officer.
According to the ICO, the copper's solicitor was handed the entire contents of the complainant’s mobile phone. The solicitor displayed the full noble qualities of his profession by passing it all on to his client.
The complainant, a potential victim of domestic abuse, had given her phone to Kent Police because it contained a video recording she said supported her accusation against her police constable partner.
The phone, as the ICO note, "contained lots of other files, with sensitive personal data including text messages and family photographs."
While the officer was subject to a professional standards investigation by Kent Police into misconduct, the force also sent the officer’s solicitor the data contained in the woman’s mobile phone.
This is said to have happened "by mistake in advance of the misconduct hearing" according to the ICO, which is unable to conduct its own investigations into police misconduct outside of breaches of the Data Protection Act.
An ICO investigation found that Kent Police had inappropriate security measures, and that it had committed a serious breach of the Data Protection Act, likely to have caused substantial distress.
Stephen Eckersley, ICO head of enforcement, said: “Kent Police was investigating a serious matter yet the need to take proper care of the personal details they were entrusted with does not appear to have been taken seriously.”
Eckersley added that “Today’s fine should serve as a warning to other forces that it is vital they have robust measures in place to protect individuals’ personal data and guard against such inappropriate disclosures.”
Kent Police told The Register that it "has been informed of the outcome of an investigation by the Information Commissioner’s Office and accepts the decision. When the data breach became apparent Kent Police referred itself to the Information Commissioner and fully cooperated with the investigation."
"As soon as the breach was identified a new standard operating procedure was implemented to ensure that a similar error cannot be made in the future," the spokesperson added.
The force responded to questions from The Register as to whether it anticipated allegations of corruption, as a result of a victim's private data being passed to a suspect employed by it, by saying: "As per the statement this was found to be a system error and as soon as the breach was identified a new standard operating procedure was implemented to ensure that a similar error cannot be made in the future." ®