We are currently experiencing network problems with the desktop version of Police Oracle. We hope to have these resolved as soon as possible.

Outsourcing deal: Data breach probed

Information Commissioner's office investigates after details of police staff members are sent to a private security firm

The Information Commissioner's Office is investigating after details of police staff were accidentally released to private security firm G4S at a time when three forces were exploring an outsourcing deal.

It has been confirmed that the details were released as Bedfordshire Police, Cambridgeshire Constabulary and Hertfordshire Constabulary were developing and researching a comprehensive business case for the security firm to take over their support services.

As previously reported on PoliceOracle, the deal was abandoned in favour of enhanced collaboration between the three forces. The decision followed months of controversy in the London Olympic Games, when G4S was unable to provide thousands of promised personnel.   

In a statement, the Cambridgeshire force confirmed that five files “which contained personal information about staff from three forces” had been sent electronically “via a framework already in existence with Lincolnshire Police”.

These contained personal information over and above what was required to be sent to the private security company, breaching the Data Protection Act 1998, the statement read. Reports have suggested that up to 1,000 staff may have been affected.

But once the breach had been identified, G4S had appointed an information assurance professional to ensure all hard and electronic data was deleted.

Cambridgeshire Deputy Chief Constable John Feavyour (pictured), Senior Risk Information Officer for the three forces, said the matter had been dealt with promptly and sensitively.

As well as notifying the Information Commissioner of what had happened, DCC Feavyour added that he had written and apologised to the staff affected.

He said: “The three forces acknowledged, in their letter to the Information Commissioner, that the sharing of the information was not fair and proportionate. However, the non-disclosure agreement in place between the three forces and G4S ensured that no data left the four organisations involved.

“I wrote to the members of staff affected by this data security breach in February explaining what had occurred and apologising to them. G4S responded extremely promptly and professionally when this matter was raised with them, ensuring that all personal data was deleted from their hard drives and records.”

A spokesman for the Information Commissioner’s Office confirmed that the breach had been reported. “We have been made aware of a possible data breach which may involve Cambridgeshire Constabulary, Bedfordshire Constabulary and Hertfordshire Police,” he said.

“We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.”

Leave a Comment
View Comments 1
In Other News
Force confirms talks with G4S
Feature: Collaboration, Outsourcing And Efficiency Questions
Shared Services Initiative ‘Is Outsourcing Alternative’
G4S Fiasco ‘Has Denied Sensible Outsourcing Debate’
Three Forces Shun G4S Plans More News