CPS in the dock over 100 ‘serious’ data breaches

Crown Prosecution Service under fire for a 12% overall increase in personal data incidents, including over 100 'serious' incidents of lost devices and confidential information

by Patrick Sullivan, Political Editor on 4 September 2019 06:51

Shutterstock_1095422036_(1)

The Crown Prosecution Service (CPS) is guilty of 1,378 unauthorised disclosures of confidential data, up from 1,329 in the previous financial year, according to official figures obtained by Absolute Software. Of these incidents, 115 in 2018-19 and 108 in 2017-18 were considered ‘serious’ – meaning the data loss was significant, not recovered, or not retained within the criminal justice profession.

The data, contained in the CPS annual report for its most recent financial year (FY 18-19), illustrates a rise in data breaches as well as missing devices and loss of confidential documents. The overall total number of personal data incidents across the 2018-19 financial year was 1,630, whereas the combined total in 2017-18 was 1,447 – an increase of 12 per cent. The CPS reported 172 incidents of loss of ‘electronic media and paper documents from secure government premises’, up from 67 the previous year.

Loss of electronic media and paper documents from non-government premises also rose from 36 incidents to 53 in the most recent financial year. There was also a sharp rise in device loss, with 27 laptops and mobiles reported missing, up from 15 reports the previous year. In 2018 the CPS was fined £325,000 by the Information Commissioner’s Office (IOC) for losing unencrypted DVDs containing recordings of police interviews. The DVDs contained recordings of interviews with 15 victims of child sex abuse, to be used at the trial. The DVDs contained the most intimate sensitive details of the victims, as well as the sensitive personal data of the perpetrator, and some identifying information about other parties.

Donal Blaney, data protection specialist at solicitor, Griffin Law, said : “If the CPS can’t obey the law, why should anyone else be expected to? It’s high time such powerful organs of the state took data privacy as seriously as the rest of us are supposed to.”

Andy Harcup, VP, Absolute Software said,  “The CPS is an organisation which oversees some of the most sensitive data imaginable. Clearly their information security posture is in need of overall strengthening and improvement, to ensure that the public have complete confidence that critical files are completely protected at all times, from witness statements to court documents. Such a sharp rise in device losses and unauthorised disclosures of confidential data is a gift to cyber criminals and fraudsters. It’s vital that the CPS improves its end-point security measures and reduces the number of data leaks as a matter of urgency.”

A CPS spokesperson said: “The CPS handles huge amounts of data files every year and staff are trained to make sure personal data is kept securely in line with national security guidelines.

“The small increase in incidents since the previous year reflects awareness training for all staff which has led to more incidents being reported. All data losses are taken extremely seriously."

Comments
blog comments powered by Disqus