UK Police woefully unequipped to handle data

Police on patrol

The Information Commissioner's Office has released audit results showing how only one police force in the UK secured top marks for data protection.

The watchdog carried out the tests between April 2013 and April 2014, focusing on 17 forces throughout the UK. Forces were tested on their adherence to the Data Protection Act, staff training and awareness, data sharing and security.

Only one (unnamed) police force emerged from the audit with a "high assurance" rating meaning that little to no action is required to shore up its data protection policies. Ten of the forces tested were given a "reasonable assurance" classification, meaning that they need "some" improvement to their security arrangements.

On the classification below, "limited assurance", were six forces, meaning that they need to improve their services in the future to better fall in line with the Data Protection Act's regulations.

No forces in the UK were given the lowest rating overall: "very limited assurance". Two police forces did, however, record this rating in two of their subcategories, namely records management and data sharing.

The audit covered 17 of the 43 forces in the country, so is by no means representative. Despite this, it still shows worrying signs of the unpreparedness of UK police in data protection and handling.

"Clearly police forces handle sensitive personal data, and we all want to have confidence that that information is being kept in line with the law," said an ICO spokesperson.

"Our findings suggest that tends to be the case, with two thirds of the forces needing just a few improvements in the areas we audited.

"But there's no room for complacency. The report contains a list of areas for improvement, and all forces would do well to read it."