Peter A Clarke

Managing data when organisations are flooded with data is an ongoing challenge which can easily result in a data breach when that management fails. Misfiling documents in the analog era was common enough however the chance of that resulting in a privacy breach was far rarer than today with . The Information Commissioner has reprimanded the West Midlands Police for a data protection failure.  The data breach resulted in one person with the same name receiving documentation intended for another.  Given that one was a suspect in crimes and the other a victim of domestic violence this error was significant.  As is usually the case, upon investigation the Commissioner found significant flaws in the way the WMP handled data and trained its officers.  This is a typical problem.  Data breaches often occur because there are inadequate processes and not much in the way of training.

The media statement provides:

The Information Commissioner’s Office (ICO) has issued a reprimand to West Midlands Police (WMP) after the force repeatedly mixed up two people’s personal information.

On numerous occasions throughout 2020, 2021 and 2022, WMP incorrectly linked and merged the records of two people with the same name and date of birth. Both people had been victims of crime, and one was a suspect, meaning WMP didn’t make a clear distinction between the personal information of victims and suspects of crime, a breach of the Data Protection Act 2018.

This mix-up led to inaccurate personal information being processed and resulted in a catalogue of errors, including officers attending the wrong address when attempting to find a person regarding serious safeguarding concerns. Officers also incorrectly visited the school of a wrong person’s child. Read the rest of this entry »