The Information Commissioner's Office (ICO) has slapped the Lancashire Police Authority on the wrist for a website snafu which led to a data breach.
The police force accidentally published details of an individual's complaint on its website, failing to edit information on two documents marked as restricted.
The Lancashire Police Authority also failed to remove the offending data after it had been told of the breach on 24 January. The information remained on the website for four days after that.
"While it is important that public authorities are transparent about the work they do by publishing information online, this should never be at the expense of an individual's rights to privacy," said ICO director of operations Simon Entwisle.
"There can be no excuse for publishing someone's personal information online, and the fact that the authority failed to remove it when told makes this case all the more concerning."
The police force has now signed an undertaking, forcing it to ensure proper procedures are in place so non-redacted documents don't appear on its website.
"The authority will also develop a policy for staff explaining the actions they should take when receiving notice of a data breach as well as providing appropriate training and support on how to follow it," the ICO added.
The police were under the security spotlight again earlier this month for database "abuses."
A Big Brother Watch report discovered over 900 police officers and staff in the UK were subject to internal disciplinary procedures for breaching the Data Protection Act (DPA) over the past three years.
The report also found 243 police members of staff received criminal convictions for breaking laws set down by the DPA.
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Document management systems (DMS) in the AI era: How to choose the right solution to create a trusted foundation for your businessSupported In the AI era, documents are no longer just records — they’re strategic assets. A modern DMS provides the secure, intelligent foundation firms need to harness AI, ensure compliance, and build lasting digital confidence
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
