data security draft

What action we've taken in Q1 and what you can do to stay secure

Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO. We have published this information to help organisations understand what we’re seeing and help them to take appropriate action.

What action we've taken in Q1

Humberside Police was fined £130,000 after disks containing a video interview of an alleged rape victim went missing.
The Royal Borough of Kensington and Chelsea was fined £120,000 after it unlawfully identified 943 people who owned vacant properties in the borough.
The Crown Prosecution Service (CPS) was fined £325,000 after it lost unencrypted DVDs containing recordings of police interviews.
Yahoo! UK Services Limited was fined £250,000 after its computer network was compromised as the result of a cyber-attack in November 2014.
The University of Greenwich was fined £120,000 following a security breach involving the personal data of nearly 20,000 people.
Bayswater Medical Centre was fined £35,000 after it left highly sensitive medical information in an empty building. The personal data, which included medical records, prescriptions and patient-identifiable medicine, was left unsecured in the building for more than 18 months.
Gloucestershire Police was fined £80,000 for revealing identities of abuse victims in bulk email.
The British and Foreign Bible Society was fined £100,000 after its computer network was compromised as the result of a cyber-attack in 2016.

What you've reported to us

What you can do to stay secure

Consider metadata when redacting information.
Check all data has been redacted and is not reversible before releasing.
Get someone to double check redactions.

Please note: the format for reporting the information has changed for this quarter; we will soon be launching a new infographics platform.