Gwent Police has been formally criticised by the Information Commissioner’s Office (ICO) after it accidentally emailed the details of 10,000 CRB checks to a journalist.
The ICO has said no details of criminal convictions were disclosed and the nature of the information was not identifiable, but 863 records indicated the individual had personal information recorded.
A subsequent investigation conducted by Gwent Police criticised the member of staff responsible for circulating the email after the individual failed to follow the force’s IT security policies.
Anne Jones, Assistant Commissioner for Wales, said: “It is essential that staff are aware of and follow their organisation’s security policies. Such a huge amount of sensitive personal information should never have been circulated via email, especially when there was no password or encryption in place.
“We are pleased that Gwent Police has taken steps to prevent this happening again.”
The undertaking was agreed in August 2010. However, as disciplinary proceedings at Gwent Police were underway, the ICO did not publish the undertaking at that time.
Mick Giannasi, the then Chief Constable of Gwent Police, signed a formal undertaking agreeing to put in place a number of steps to prevent a similar breach from happening again.
Gwent Police will implement stricter rules to ensure that wherever possible information is accessed directly via secure databases and the use of generic passwords will stop.
The undertaking also requires new technology to be brought in to prevent the inappropriate auto completion of addresses in internal and external email accounts.