West Midlands Police – Violation Found (United Kingdom, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
West Midlands Police mixed up the records of two people with the same name and birthdate, causing serious mistakes. This led to officers visiting the wrong addresses and disclosing sensitive information to the wrong individuals. This incident raises concerns about how police handle personal data and the importance of accuracy.
What happened
West Midlands Police incorrectly merged the records of two individuals, leading to significant data inaccuracies.
Who was affected
Two individuals, one a victim and the other a suspect, whose personal information was confused by the police.
What the authority found
The Information Commissioner's Office found that West Midlands Police failed to ensure the accuracy and security of personal data, breaching data protection laws.
Why this matters
This case highlights the need for organizations, especially law enforcement, to maintain accurate records and protect personal data. It serves as a reminder for all organizations to prioritize data accuracy and security.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On numerous occasions throughout 2020, 2021 and 2022, West Midlands Police (WMP), a large regional police force, incorrectly linked and merged the records of two data subjects with the same name and date of birth on multiple occasions. Both people had been victims of crime, and one was a suspect, meaning WMP didn’t make a clear distinction between the personal information of victims and suspects of crime. This led to inaccurate personal data being processed on WMP’s systems and resulted in a number of incidents, including officers attending the wrong address when attempting to find a person regarding serious safeguarding concerns. Officers also incorrectly visited the school of a wrong person’s child. On 12 July 2022, WMP sent a letter to one individual that was intended for the other, disclosing that they had been a victim of an assault. At this time, the recipient was aware of the data accuracy issue on WMP’s systems and that this letter related to an individual who shares their name and date of birth and lives in the local area. ICO found that WMP did not take steps to rectify the error quickly enough and there was a failure to stop the inaccurate linking of records reoccurring, both breaches of data protection law. Considering the security incident, WMP have failed to demonstrate that they have kept personal data secure in relation to the other incidents affecting these two individuals. Due to the lack of appropriate records of these incidents, WMP do not know whether personal data was disclosed, including information concerning criminal offences. Also, WMP failed to demonstrate that they have ensured the accuracy and security of personal data relating to the two individuals in this case. WMP did not hold adequate records of the incidents relating to the accuracy and security of these individuals’ personal data. The ICO found that there was a lack of regular data protection training and not enough was done to make employees aware of their responsibilities to
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for West Midlands Police in UK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. West Midlands Police - United Kingdom (2024). Retrieved from cookiefines.eu
Last updated: