Serious data security breaches

The request was successful.

George Foster

Dear Warwickshire Police,

Over the last three years for which records are available:

1) how many instances have you recorded of serious data security
breaches by officers or civilian employees of your organisation
(usage of the terms "serious" and "data security breach" are
derived from guidance issued by the Information Commissioner e.g.
http://preview.tinyurl.com/5u69kz2). Please provide, if held,
information relating to what type of breach occurred (for instance,
inappropriate or unlawful access to PCN data).

2) what action if any was taken as a result?

3) how many instances led to your organisation notifying the
Information Commissioner of the incident/s in question?

Yours faithfully,

George Foster

Harris, Sabina 4959,

1 Attachment

Dear Mr Foster

Please find attached the Warwickshire Police response to your Freedom of
Information request.

<<00201 Mr Foster FOI Response letter.pdf>>

Yours sincerely

Sabina Harris

Sabina Harris

Information Compliance Officer

Tel: 01926 415720 (internal 5720)

Fax: 01926 415306

email: [email address]

Not protectively marked

[1]395 fewer people were the victim of serious violence, in comparison
with 2008-9 (down 13.0%)

Between April 1, 2006 and March 31, 2010 Warwickshire Police recorded the
largest decrease in incidents of violence by any police force.

Warwickshire Police, working with partners to protect communities from
harm.

Please visit [2]http://www.warwickshire.police.uk/ for more force news and
information.

Think - do you need to print this email?

This email footer message has been randomly selected from a suite of
messages and automatically allocated to this email. It does not relate to
the content contained within the above email.

Internet email is not a secure means of communication. If received in
error, please notify the originator immediately.

Any unauthorised use, disclosure, copying or alteration of this email is
strictly forbidden. Expressed views or opinions do not necessarily
represent those of Warwickshire Police. Email activity is regularly
monitored for malicious code, racist, obscene, or inappropriate activity.

Warwickshire Police accepts no responsibility for any loss or damage
arising from the receipt or use of this email.

Thank you

References

Visible links
2. http://www.warwickshire.police.uk/

George Foster

Dear Sabina

Thanks for your response.

In my original request I suggested that examples of serious
breaches might be "inappropriate or unlawful access to PCN data" (I
meant to say PNC - as in Police National Computer).

I am very surprised if your organisation does not consider
inappropriate or unlawful access to a database containing sensitive
personal data to be a serious breach. Please could you confirm that
that is the case?

Additionally, please provide information for the last three years
held by your organisation on incidents involving inappropriate or
unlawful access to PNC data (or any other similar manual or
electronic data). Preferably I would like to know the nature of the
incident and the outcome of any investigation or action taken as a
result.

Feel free to treat this either as a new or a modified request.

Yours sincerely

George Foster

Harris, Sabina 4959,

Dear Mr Foster,

Thank you for your email below. My apologies for not responding sooner, we have a backlog of work due to a reduction in staff within the Information Compliance Office. I have again liaised with the Force Information Security Officer, who has confirmed that the information provided on 6th June, 2011 in response to your request was correct, and in addition has provided the following information in response to your email below.

No police officer or indeed staff member has been disciplined or required to resign over any breaches of security in respect of any inappropriate use of systems and or data etc.

Warwickshire Police has a strong proactive monitoring procedure in place using specially trained staff as well as electronic monitoring tools and whilst police officers and staff have been advised regarding excessive usage of internet, the controls in place should ensure that breaches do not occur.

In respect of more sensitive systems, 2 factor authentication and extra security training plus an even more robust monitoring system ensures those designated staff are regularly audited and monitored.

Should you have any further queries regarding this matter. Please do not hesitate to contact this office.

Yours sincerely

Sabina Harris
Information Compliance Officer
Tel: 01788 853864 (internal 3864)
Fax: 01788 853781
email: [email address]

Not protectively marked

show quoted sections

George Foster

Dear Sabina

Thank you for this further information.

Yours sincerely,

George Foster