A Big Brother Watch report (Safe in Police Hands?), released this month, reveals that UK police forces suffer close to ten data breaches every week.
The report states that “between June 2011 and December 2015 there were at least 2,315 data breaches conducted by police staff”.
In addition, over 800 members of staff accessed personal information without any relevant ‘policing’ objective, and information was inappropriately shared with third parties more than 800 times.
55% of the cases resulted in no disciplinary action being taken.
The report states that data breaches stem from a number of different causes, including:
- improper disclosure of information;
- accessing police systems for non-policing purposes;
- inappropriate use of data; and
- accessing data for personal reasons.
Concern over police’s data handling abilities
The report expresses concern over the police’s ability to handle data securely, especially in light of the proposed introduction of Internet Connection Records (ICRs), as outlined in the Investigatory Powers Bill, which will see the police access data offering ‘the deepest insight possible into the personal lives of all UK citizens’.
Despite the UK’s vote to leave the European Union, the report calls for the UK to adopt the General Data Protection Regulation (GDPR), which imposes much stricter data protection penalties than the current Data Protection Act (DPA).
ISO 27001 is the international standard for information security management, providing a framework for improved information security and data protection. Certification to ISO 27001 demonstrates that an organisation is following international information security best practice, and promotes awareness of information security across the organisation. As a comprehensive standard, ISO 27001 can help an organisation meet its compliance objectives under the GDPR.
Organisations already thinking ahead and keen to achieve their compliance goals by May 2018 can look to ISO 27001 for the required protection of their data assets.