Crown Prosecution Service guilty of over 1,600 data breaches in the last year

Crown Prosecution Service suffered 1,627 data breaches in the last 12 months, accordingy to official figures.

by Patrick Sullivan, Political Editor on 8 October 2020 12:05


The Crown Prosecution Service (CPS) has recorded 1,627 data breaches over the entirety of the 2019-20 financial year, up from 1,378 in the previous financial year, according to official figures.

The data, contained in the annual CPS report and analysed by a leading UK litigation practice, also revealed that 59 incidents were so severe that they were reported to the Information Commissioner’s Office (ICO).

Analysis revealed that these incidents potentially affected up to 1,346 people.

The period from January to March saw by far the largest quantity of severe personal data incidents, with 21 data handling incidents leading to loss of ABE and media discs, as well as an additional 18 incidents of unauthorised disclosure of case information, impacting a whopping 1,233 people in total.

By comparison, just 11 incidents of unauthorised disclosures of case information affected 56 people in the period of October to December 2019, 12 data handling incidents and unauthorised disclosures of case information impacted 34 people in January to March, and 23 people were impacted in April to June 2019 by 15 total personal data incidents. In total, 1,463 of the total data breaches recorded over the entire financial year, were due to unauthorised disclosure of information, with 78 being considered ‘severe’.

A further 143 of the total incidents were due to loss of electronic media and paper, and in 22 of these instances, the data was never recovered.

Finally, the final 21 reported cases were due to loss of devices, including laptops, tablets and mobile phones, although only one of these devices was not eventually recovered, and no CPS data was compromised as a result.

Cyber expert Andy Harcup, VP, Absolute Software, told The Commentator: “The Crown Prosecution Service oversees some of the most sensitive data imaginable, from confidential case files to personal details of witnesses and victims in criminal trials. Against this backdrop, these figures paint a worrying picture of the organisation’s approach to data and device security, with many incidents appearing to put the safety of individuals at risk and some so serious they required notification of the Information Commissioner’s Office.

“Moving forward, the CPS needs to up its game, with a much more rigorous approach to securing personal data. Key to this effort is ensuring that every mobile device or laptop is protected and retrievable, so that they can be wiped or frozen in the event of loss or theft. Additionally, staff need better training on how to reduce data loss incidents, to preserve the integrity and public trust in the CPS brand.”

blog comments powered by Disqus