LANCASHIRE police have received a slap on the wrist for a website blunder which led to a data breach.
Lancashire Police Authority breached the Data Protection Act by accidentally publishing details of an individual’s complaint on its website, failing to edit information on two documents marked as restricted.
It also failed to remove the offending data for four days after it had been told of the breach on 24 January.
The Information Commissioner’s Office (ICO) has now ordered the force to ensure that any information released on its website is checked before it is made available.
Simon Entwisle, director of operations from the ICO, said: “While it is important that public authorities are transparent about the work they do by publishing information online, this should never be at the expense of an individual’s rights to privacy.
“There can be no excuse for publishing someone’s personal information online, and the fact that the Authority failed to remove it when told makes this case all the more concerning.”
Miranda Carruthers-Watt, Chief Executive, of Lancashire Police Authority, has signed an undertaking to ensure that procedures are introduced to make sure that all minutes and agendas are quality assured by an appropriate member of staff prior to being published on the authority’s website.
The authority will also develop a policy for staff explaining the actions they should take when receiving notice of a data breach as well as providing appropriate training and support on how to follow it.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here