A police force which disclosed sensitive information belonging to a woman who accused her partner of domestic abuse to the partner's solicitor has learned its lesson, the Information Commissioner has said.
Publishing an update today, the ICO said Kent Police has 'appropriately addressed the actions' agreed in an undertaking signed a year ago.
The chief constable had informed the commissioner in 2014 that the force disclosed in error to the accused's solicitor a CD containing the entire contents of the woman's mobile phone.
She had voluntarily handed over her phone, which she said contained a video recording supporting the allegation, to the police as evidence. The commissioner was told the phone's entire contents had to be downloaded for technical reasons. It was also necessary to retain the data as unused material once downloaded to comply with the Criminal Procedure and Investigations Act 1996.
Kent Police has already paid an £80,000 penalty. The chief constable, as the data controller, also undertook to develop written procedures and other supporting documents for relevant staff about data extraction from mobile devices. These emphasise that explicit, informed consent should be sought from victims and witnesses.
The chief constable pledged to create a fair processing notice for victims and witnesses to read and sign, which clearly explains which personal data will be extracted from their mobile device and how the data will be processed.
He undertook, where technically possible, to limit data extraction from mobile devices to relevant data sets.
'Where technical requirements result in the total extraction of binary data, only relevant data sets will be converted into readable format and processed as required by the Criminal Procedure and Investigations Act 1996. Any irrelevant information in a readable format identified as such by the disclosure officer shall be deleted,' the undertaking stated.
The ICO said today its review 'demonstrated that Kent Police has taken appropriate steps and put plans in place to address all of the requirements of the undertaking'. This includes a full review of staff able to complete digital downloads, supported by regular audits and quality-control checks.
Kent Police's deputy chief constable Paul Brandon said in a statement to the Gazette: 'In April 2016 Kent Police was fined by the Information Commissioner’s Office following a data breach in 2014. As soon as this breach became apparent Kent Police immediately referred itself to the ICO and remains committed to working with them to ensure that all data that is handled by Kent Police is done so appropriately.
‘Following this data breach the chief constable signed an undertaking to address a number of issues that were raised during a review of the case. Kent Police has now demonstrated to the ICO that appropriate steps have been taken to address all of the requirements of the undertaking.’