The Information Commissioner’s Office (ICO) confirmed today that it has fined the Serious Fraud Office a sum of £180,000 after one witness in a high-profile investigation was mistakenly sent confidential documents relating to sixty-four other people involved in the case.
In what was labelled as an ‘astounding’ lapse in security, an ‘inexperienced’ temporary worker sent 2,000 evidence bags, 407 of which contained confidential information about third parties, to another witness. This sensitive information was then disclosed to The Sunday Times who were able to publish a series of articles based on it.
The high-profile fraud and corruption case investigated the allegations that senior executives of BAE Systems had received payments as part of a Saudi Arabian arms deal.
David Smith, ICO Deputy Commissioner and Director of Data Protection, said: “This was an easily preventable breach that does not reflect well on the organisation.
“All law enforcement agencies should see this penalty as a warning that their legal obligations to look after other people’s information continue.”
While the Serious Fraud Office have now recovered 98% of the documents and put in place adequate security to ensure that personal information is returned to the correct recipient, this should be a warning to other organisations to ensure that compliant data protection measures are put in place.
“Data breaches of this sort can result in far-reaching consequences, both for your business and employees, suppliers and customers,” commented Paul Curtis, Director of B&M Secure Shredding.
“It is of vital importance that you have measures in place, such as an accredited document shredding service, to help mitigate the risk of data breaches and help you remain compliant with the Data Protection Act.”
As members of the British Security Industry Association (BSIA), B&M Secure Shredding operate a confidential document and media destruction service. We operate to ISO 9001 (Quality) standards and destroy confidential material to BS 15713 standards.