Greater Manchester Police have been hit with a £120,000 penalty from the Information Commissioners Office for the loss of sensitive information on more than 1,000 people.
The ICO said the force failed to take appropriate measures against the loss of personal data following the theft of a memory stick containing personal data from a police officer’s home.
The memory stick had no password protection and contained details of more than a thousand people with links to serious crime investigations.
During an investigation the ICO found that Manchester police officers regularly used unencrypted memory sticks, which may also have been used to copy data from police computers to access away from the office.
The force had not put restrictions on downloading information, and staff were not sufficiently trained in data protection, despite a similar security breach in September 2010, the Information Commissioner said.
David Smith, ICO Director of Data Protection, said: “This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine.
“It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action.
“This is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes.”
Greater Manchester Police were fined £150,000 but got a 20 per cent early payment discount (£120,000).