publicSIRO

Gwent Police has apologised after the personal details of 10,006 individuals applying for criminal record checks were emailed to a journalist by accident.

A senior member of staff sent the sensitive information, which was not encrypted or password-protected, as an attachment in an email to five colleagues. Unfortunately, the staff member failed to spot their email system’s ‘AutoComplete’ feature had mistakenly copied in a reporter at The Register, Europe’s largest IT news website.

The Excel spreadsheet is said to have contained the full names and dates of birth of individuals subject to CRB checks since 2001. It also included the results of these checks, identifying 863 people as having a disclosures against them and, in some cases, revealing their occupations and criminal histories.

In a statement, Gwent Police attributed the data breach to  ’human error’ rather than a software problem, saying:

“As a Force we have strict policies and procedures in place relating to Data Security but regrettably these were not followed on this occasion. We are very sorry that we have on this occasion failed to meet our own high standards.”

Gwent Police confirmed a member of staff had been suspended and an internal investigation had begun under the supervision of the Independent Police Complaints Commission.

Source: The Register, 16 April 2010.