nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Dyfed-Powys Police fined for publicising pervs' particulars

For some reason, it's illegal for the public to know this stuff

By Team Register, 8 Jun 2016

Dyfed-Powys Police in Wales, UK, sent confidential information that could identify convicted sex offenders to a member of the public by accident.

Although the leak was minor, Brit watchdog the ICO fined the force £150,000 as it indicated sloppy internal processes.

An officer sent an email chain containing the names and addresses of eight registered offenders, along with the phone numbers and email addresses, to a member of the public.

The identities of sex offenders are kept confidential in the UK. In the US the equivalent list is publicly searchable.

The police force’s Outlook global address book was only intended to be used for internal recipients. But fat-fingered and lazy staff had, over time, added external recipients. The mistake occurred because an officer sent the email chain to the first entry that auto-completed from the address book, which turned out to be to one “AB”, a member of a community scheme.

In all the external recipient received five emails. The ICO put on its most-serious face because Daffy Dyfed-Powys had done nothing to prevent the slip happening again.

Amongst the recommendations of good practice are the creation of an email address that takes first place in the address book, that only goes to an internal recipient (e.g., “Aaron Aardvark”).

The ICO decision can be found here. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing