The UK's Information Commissioner's Office (ICO) has fined Police Scotland £66,000 for serious failures in handling a victim's sensitive data. During a 2021 internal gross misconduct investigation involving two police employees, officers extracted the entire contents of a victim's phone rather than only the relevant messages. The full data dump, including special category data, was then mistakenly shared with the accused officer. The victim complained to the ICO in September 2022 after Police Scotland failed to disclose what information had been wrongly shared. The ICO found Police Scotland violated the Data Protection Act 2018 by conducting excessive bulk data collection and failing to report the breach within the mandatory 72-hour window. Scottish media reported the case involved an alleged rape and that intimate images were shared with the alleged abuser.
Sort: