The price of postage
Greater Manchester Police (GMP) has been fined £150,000 by the Information Commissioner's Office (ICO) after three DVDs of victim interviews were lost in the post.
The DVDs were sent out by GMP in 2015 to the National Crime Agency (NCA). They were sent using recorded delivery but never arrived at the NCA, and have never been found. The ICO was notified of the loss and decided a fine was appropriate. Sally Poole of the ICO said: "When people talk to the police they have every right to expect that their information is handled with the utmost care and respect. Greater Manchester Police did not do this. The information it was responsible for was highly sensitive and the distress that would be caused if it was lost should have been obvious".
GMP, like other police forces, had been routinely sending evidence disks to the NCA since 2009, and this was the first time it had lost a disk in transit. Critics have said that GMP should not have trusted the disks to the post and instead used a courier service. That would have been a great deal more expensive, and couriers can still have accidents and lose packages, or have items stolen. Another suggestion is that GMP should have emailed the data, but sending gigabytes of data over email is both time consuming and expensive, especially in years past when we all had slower lines and bandwidth was more limited. Transporting large volumes of data on DVD or USB stick is often by far the most economic solution, and is the system routinely used by many organisations handling massive amounts of data.
Should the disks have been encrypted? Encrypting gigabytes of data is not trivial, especially for people who are not technology specialists, and encryption is only secure and effective if you also have a secure password exchange mechanism which you can coordinate across a great many staff in different organisations.
Perhaps GMP should have given more thought to the possibility of disks being lost in the post, but I would like to have seen more questions asked of the Royal Mail. You might think that when you send a package by recorded delivery that you have every right to expect that your package is handled with the utmost care and respect. The Royal Mail is an organisation which enjoys a dominant position in the market, and which can lose a recorded delivery item, be totally unable to explain why it has lost it, and yet pays no more than the physical cost of the contents in compensation, (which is pennies in the case of a DVD), with an upper limit of £50 compensation per lost package.
The £150,000 fine is substantial, but is it effective? All it is doing is taking a huge sum of money out of GMPs budget and putting it into some other government budget, minus the costs of a great deal of admin, accounting, and reporting along the way. It means that GMP has a little less money to spend on policing this year, several less officers on the street, so the people who ultimately suffer are the citizens of Greater Manchester. There is sense in ICO fining commercial organisations who flout privacy in the name of profit, but one arm of government fining another arm of government seems a largely pointless exercise. Perhaps the cost of ICO investigations would be better spent on education, training and support.
24th May 2017
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content.