back to article Brit prosecutors fined £325k after losing unencrypted vids of police interviews

The UK's Information Commissioner's Office has slapped a £325,000 fine on the Crown Prosecution Service for losing unencrypted recordings of highly sensitive police interviews. The DVDs contained interviews with 15 victims of child sex abuse, including intimate details of the victims, sensitive personal data of the perpetrator …

  1. Anonymous Coward
    Anonymous Coward

    Why do the ICO bother?

    The Clown Prosecution Service clearly didn't learn last time, yet again they do it, and all that happens is the moving of taxpayer's money from one branch of government back to the Treasury. The only people who suffer are the victims of crime.

    If there's no personal accountability, nothing will change. Somebody, or several people should have at the very least been dismissed, or subject to personal prosecution.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why do the ICO bother?

      That's the problem when Kermit isn't around. You just can't trust Muppets to do things properly...

      1. EastFinchleyite

        Re: Why do the ICO bother?

        As pointed out above, fining the CPS is a pointless exercise, but with a little tweaking it could be massively effective. What you first need to realise is that the "CPS" didn't make these mistakes; people did. Senior managers are paid a good salary to make sure their departments work smoothly, meet objectives, and stay within the rules. They get bonuses when this happens. Even if it was a mistake by an overworked drone that caused the individual problem, the responsibility lies with management.

        The tweak that is needed is to take the fine from the budget for CPS senior manager bonuses. I expect that this suggestion will meet with protest but I emphasise that I am not proposing reducing their pay, only their bonus for a job well done; which it wasn't

        1. Roland6 Silver badge

          Re: Why do the ICO bother?

          Suspect the 'fine' would need to be taken from the bonuses in a fashion similar to your car insurance no claims discount. So they only get the full bonus if they have had several years of no 'claims', thus an incident like this will impact several years worth of bonuses.

  2. Chris G Silver badge

    Get real

    Parts of the government fining other parts of the government are meaningless in real terms.

    For such things to have any real effect, responsible people must be just that, be held responsible and dealt with accordingly.

    Job loss or a personal fine etc would be more meaningful than a 'don't do it again' and a fine for the department.

    1. Anonymous Coward
      Anonymous Coward

      Re: Get real

      But lets be fair, it will be Fred in the post room that will get the sack after being told, can you send this overnight to the other office.

  3. A Non e-mouse Silver badge

    Fines are meaningless.

    In other areas, (e.g. Health & Safety) a board member is ultimately responsible at a company. We need a change in the law to force one board member to be responsible for data protection. That way, there is one, clearly identifiable person, who can be held accountable and sent down when their organization screws up.

    1. Anonymous Coward
      Anonymous Coward

      > "We need a change in the law to force one board member to be responsible for data protection"

      Doesn't the GDPR do this (make a nominated person - probably very senior - ultimately culpable)?

      1. Doctor Syntax Silver badge

        "Doesn't the GDPR do this (make a nominated person - probably very senior - ultimately culpable)?"

        Even better. Although a DPO has to be nominated there are provisions for directors or other senior officers to be held responsible and although the actual words aren't used that's effectively ex officio. IIRC the relevant section of the new Bill (should it ever get through Parliament) is S191.

  4. adam payne Silver badge

    "There is no indication the material was viewed by any unauthorised person," he added.

    It was a DVD, how would you get an indication that the material on the disk has been viewed?

    One question though was the data on the DVD encrypted?

    1. John Robson Silver badge

      No idea how they know a lot disc hasn't been viewed - but they are right that there is likely no evidence that it *has* been. It's just that there is no evidence that it *hasn't* been either.

      Of course the data wasn't encrypted. What do you think Herr May would think of that...

  5. Empty1

    "lost" - "unencrypted" is worse.

    They've been fined for losing a DVD.

    They should be hung, drawn and quartered for generating them without encryption.

    1. Aladdin Sane Silver badge
      Headmaster

      Re: "lost" - "unencrypted" is worse.

      Hanged

      1. Sgt_Oddball Silver badge

        Re: "lost" - "unencrypted" is worse.

        No... the punishment required them to be hanged for a length of time then taken down before death (hence not hung), drawn (the process of having ones innards made outards ) before finally quartered (if the executioner was really skilled whilst still alive. Gutted and all, torn 4 ways).

        A rather barbaric practice and not really all that helpful for rehabilitation...

        1. Aladdin Sane Silver badge

          Re: "lost" - "unencrypted" is worse.

          Not forgetting being emasculated after the hanging but before the drawing.

        2. EnviableOne Bronze badge

          Re: "lost" - "unencrypted" is worse.

          but its one hell of a deterent.

          The DPO is not criminally responsible if they advised against it and the board ignore them.

    2. Adam 52 Silver badge

      Re: "lost" - "unencrypted" is worse.

      I think that's slightly harsh. People have been using the Royal Mail to send confidential data - bank statements, cheques, deeds, court summons, plots to overthrow the government, porn, contracts, medical records, tax returns, mortgage applications - for 400 years. We, as a society including the courts, government and general population, have always treated the post and private couriers as secure. Much more secure than email.

      This concept of having to encrypt is very new. CPS don't encrypt faxes and I doubt very much if they encrypt paper letters.

      In fact I'll bet that the ICO sent their communications about this case in the clear by paper post.

  6. Milton Silver badge

    Yes, they exist

    There really are people holding down highly responsible, important jobs which involve the handling of incredibly sensitive personal data—which is also evidence for the trial of serious crimes—who are so abjectly lazy, incompetent, ignorant or plain stupid that they commit this stuff to portable media without encrypting it.

    Who has lost their job for this pitiful incompetence?

    1. Walter Bishop Silver badge

      Re: Yes, they exist

      @Milton: "Who has lost their job for this pitiful incompetence?"

      Nobody, cause the CPS is going to lose the evidence :]

  7. ratfox Silver badge
    Meh

    "Lost"

    I think you mean, was stolen.

    1. }{amis}{ Silver badge
      Black Helicopters

      Re: "Lost"

      Ride on the right tube train out of Whitehall around 17:00 and every third suitcase is likely to have a poorly secured laptop full of privileged government data.

      I would bet targeting mid-level civil servants on the tube is a sport amongst the various spy agencies.

  8. Doctor Syntax Silver badge

    If this was supposed to be court evidence they weren't taking continuity seriously. Having exposed this practice twice I'm sure defence counsel will have taken note. It should make for interesting cross-examination.

    1. joeldillon

      'The original version of the data was retained by the police'

      It's data, not a bloodstained knife. This was a copy of the version that was, presumably, properly stored with full chain of custody for the trial.

      1. Doctor Syntax Silver badge

        "This was a copy of the version that was, presumably, properly stored with full chain of custody for the trial."

        Which of these were the CPS planning to produce in court? If they were planning to produce the original why were they bouncing a copy between offices?

  9. rmason Silver badge

    New system to transfer files digitally...

    Who wants to have a bet?

    Onedrive?

  10. Walter Bishop Silver badge
    Facepalm

    Confidential DVDs left in reception

    "The DVDs were sent by tracked delivery between two CPS offices outside office hours and left in reception."

    I'm surprised that all such sensitive material isn't stored in an encrypted form that can only be accessed with some kind of a card reader. That way when the DVD/Laptop gets stolen/is left on the tube, the contents aren't available to any third party.

  11. Dodgy Geezer Silver badge

    What actually happens...

    ...when a government body is fined? Say £1m?

    They either ask for another £1m in their budget (making the fine completely pointless)...

    ...or they make a £1m saving in their budget, Now, they can't sack any staff, so all they can do is withdraw service. In which case the taxpayer gets punished twice - once with maladministration and the second time by having to suffer worse potholes in the roads, or whatever that department provided......

  12. Upperfoot

    Reparations for the victims

    This is completely pointless and is akin to one hand taking money from the other, the money from the ICO fines will most likely go into the HM Treasury Consolidated Fund, which also happens to fund a large part of the Crown Prosecution Service...

    I would rather the money go towards paying the victims some compensation and the rest be used to train the departments involved to be more careful.

  13. Roger Kynaston

    what will happen with any prosecutions

    Assuming that further investigation finds that a senior bod in the CPS has to face criminal proceedings. Will they sign off on their own prosecution?

  14. steviebuk Silver badge

    UK's Crown Prosecution Service fined £325k after...

    ....using the password

    password123

    for their new digital delivery system of interview footage and leaving it on a PostIT note stuck on a monitor in the police station reception in view of all the members of public coming in to report stuff.

    "Because everyone kept forgetting the password and it was easier than calling IT to have it reset".

    I bet we'll be reading that next.

  15. Anonymous Coward
    Anonymous Coward

    And the real victims ?

    Not a brass farthing.

    I work with people from all over the world. If you ask them about UK data protection, they'd say it would be a good idea.

  16. xanda

    This one stinks proper.

    As the CPS will pay the ICO fine before 13 June, it will cough up a reduced amount of £260,000.

    Anybody would think from this that the offence is akin to some kind of glorified parking fine. What kind of attitude is it that allows a body like the CPS - the same body who always press for the maximum penalty - to enjoy a reduction in sanction as some sort of reward for simply saying sorry?

  17. herman Silver badge

    Hmm, now they have an online method to transfer the videos - did they check Youtube for leaks?

  18. pɹɐʍoɔ snoɯʎuouɐ
    Boffin

    why put it on a DVD for it to be at risk of getting lost lost?

    uploading the videos to YouTube and not listing them or marking them as private is probably more secure than putting it unencrypted on a disk and throwing it in a letterbox.....

    at least that way they cold at least claim they tried to keep it secure. In even 2016 there is no reason why these videos needed to be on physical media.

    Boffin icon out of irony,,,, it really is not that hard....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019