Police in CRB email gaffe


Gwent Police has been slapped on the wrist after it sent results of Criminal Reference Bureau (CRB) checks to a member of the public.

The force sent an email containing a spreadsheet of the results of around 10,000 CRB enquiries to a website journalist.

A staff member accidentally included the journalist in the email.

Fortunately, no details of criminal convictions were disclosed and the nature of the information was not identifiable.

Nevertheless, the Information Commissioner's Office (ICO) found the force in breach of the Data Protection Act.

A Gwent Police investigation into the incident criticised the member of staff for not following the force's IT policies.

"It is essential that staff are aware of and follow their organisation's security policies," said Anne Jones, assistant commissioner for Wales.

"Such a huge amount of sensitive personal information should never have been circulated via email, especially when there was no password or encryption in place."

Gwent Police signed a formal undertaking to shore up its practices, requiring new technology to be brought in to stop autocomplete of email addresses in internal and external accounts.

The force will be pleased to have avoided a fine something two councils did not manage earlier this week.

Ealing and Hounslow councils were hit with fines totaling 150,000 for the loss of unencrypted laptops containing personal data.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.