The UK’s data protection regulator has reprimanded South Yorkshire Police (SYP) after it deleted 96,000 pieces of evidence from officers’ bodycams.
The Information Commissioner’s Office (ICO) highlighted multiple failings related to backup, record keeping and data management.
After an IT upgrade in May 2023, the centralized Digital Evidence Management (DEMS) system, where officers uploaded and stored body-worn video (BWV) footage, began to struggle to process the data. As a result, the footage was stored on a local disk on the force’s application server.
However, on August 7 2023, an IT manager at SYP identified a large number of missing files, totalling 96,174. On subsequent investigation it was found that a “mass deletion of data” had taken place on July 26 that year. That’s the date a third party was carrying out data transfer activities from local storage to a “Storage Grid” platform.
“SYP has not been able to provide a definitive explanation as to how the deletion occurred, however, SYP has explained that it believes the data (BWV footage) was deleted from the Storage Grid in error,” said the ICO.
Although 95,033 pieces of that BWV footage had already been copied from the Storage Grid to a new system (Digital Asset Management System), SYP’s poor record keeping means it can’t confirm exactly how many files were deleted without copies made, it added.
Further issues with a backup solution, which were not resolved despite being known about since 2019, meant there were no fallback measures.
The data lost by the police related to 126 criminal cases, although only three were directly impacted. Of these three, only one might have progressed to a first court hearing if BWV had been available, the ICO ruled.
Still, the incident highlights the importance of having “detailed policies and procedures in place” to head off the risk of losing critical evidence, argued ICO head of investigations, Sally Anne Poole.
“People rightly have high expectations that our police forces and services, which protect us, also protect the personal information they hold,” she added.
“There is a lot to be learned from this incident, and I encourage police forces and services and other organizations using this type of technology to check and make improvements where they find potential flaws.”
ICO Sets Out its Recommendations
As part of its reprimand, the regulator has recommended that SYP:
- Ensures there is an adequate storage backup solution and process to restore lost BWV footage
- Continues to shadow third parties when accessing SYP IT systems
- Defines third-party roles and responsibilities when processing personal information held on SYP IT systems
- Completes a risk assessment to determine security implications and control requirements before allowing third-party access to its IT systems
- Ensures all records are marked in a clear, identifiable way