The Information Commissioner’s Office has served a monetary penalty of £100,000 on Kent Police after confidential information, including copies of police interview tapes, was left in the basement of a former police station.
The highly sensitive information included records relating back to the 1980s, thought to have been left at the site when the building was vacated in July 2009.
The information was discovered when a police officer was visiting a business owner about an unrelated matter on 27 November 2012 and noticed a pile of tapes with the logo of Kent Police stuck on them. The business owner confirmed that he had found the tapes in the basement of the old police station, after purchasing the site two months before, and was planning on watching them for entertainment.
The police service visited the site of the old station the next day and recovered hundreds of additional documents and evidence tapes. These included recorded interviews with informants, crime victims and individuals who had subsequently been convicted. The documents also included information about police staff.
The ICO’s investigation found that Kent Police had no guidance or procedures in place to makes sure personal information was securely removed from former premises. The problem was made worse due to an apparent breakdown in communications between the various departments involved in the move.
ICO Head of Enforcement, Stephen Eckersley, said:
“If this information had fallen into the wrong hands the impact on people’s lives would have been enormous and damaging. These tapes and files included extremely sensitive and confidential information relating to individuals, many of whom had been involved in serious and violent crimes. How a police force could leave such information unattended in a basement for several years is difficult to understand.
“Ultimately, this breach was a result of a clear lack of oversight, information governance and guidance from Kent Police which led to sensitive information being abandoned. It is only good fortune that the mistake was uncovered when it was and the information hasn’t fallen into the wrong hands.”
SOURCE: Information Commissioner’s Office
Did we know about this breach before now? If not, why not? Would we have ever found out about it if the ICO hadn’t issued a monetary penalty or someone didn’t file a FOI request?