An investigation was launched after private details on a massive scale were sent to controversial contractor G4S. The data breach involving personal information about more than 1,000 ‘backroom’ staff at Cambridgeshire, Bedfordshire and Hertfordshire police happened amid negotiations to privatise services.
That deal was scrapped after the private firm was caught up in the fiasco over providing security for the London Olympic Games.
Campaigners have now urged police to put extra measures in place to ensure a similar breach does not happen again fearing details could get into the wrong hands, after the News uncovered the blunder.
Cambridge MP Julian Huppert said: “This is a very worrying issue and serves to highlight, once again, the danger of storing personal and confidential data. A simple mistake can lead to serious consequences.
“Fortunately, on this occasion the force acted swiftly taking all measures to make sure that staff were informed and the data contained and deleted.
“I hope the investigation will result in tighter procedures being put in place so nothing like this can happen again in the future.”
Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch, fears any data could be “dangerous”.
He said: “This kind of error goes to the heart of the public’s confidence that the police can keep information secure.
“Given the information wasn’t needed as part of the negotiations, it was clearly a significant error for such a large number of staff’s details to be sent to G4S. The important question is to get to the bottom of how this error was allowed to happen and ensure those responsible are held to account.
“The risk is that today the data was sent to a responsible person, but tomorrow the same error could see confidential details end up somewhere far more dangerous.”
The three forces notified the Information Commissioner’s Office in February of the breach under the Data Protection Act 1998.
The gaffe occurred as the three forces were developing a deal with G4S, which was scrapped.
Five files were sent electronically about staff from the three forces to G4S breaching the Data Protection Act 1998, police admitted.
Deputy Chief Constable John Feavyour from Cambridgeshire Constabulary said: “The three forces acknowledged, in their letter to the Information Commissioner, that the sharing of the information was not fair and proportionate, however the non-disclosure agreement in place between the three police forces and G4S ensured that no data left the four organisations involved.
“I wrote to the members of staff affected by this data security breach in February explaining what occurred and apologised to them.
“G4S responded extremely promptly and professionally when this matter was raised with them, ensuring that all personal data was deleted from their hard drives and records.”