Police Scotland Fined £66,000 for Serious Data Breach Involving Detective's Private Information
In a shocking revelation, Police Scotland has been fined £66,000 by the Information Commissioner's Office for mishandling sensitive personal data related to a detective constable who accused a colleague of rape. Lianne Gilbert, 34, has waived her anonymity to disclose that the force shared a 'misconduct pack' containing her intimate images, medical records, and private emails with the suspect in 2022.
Traumatic Ordeal and Systemic Failures
Lianne Gilbert reported multiple abuse offences, including rape, in 2020. The alleged rapist was suspended, but she was not informed of the case findings when it was concluded in 2021. The case was reopened in 2023 and remains under investigation. She discovered early on that her support officer was the same person who arrested the accused man, an apparent conflict of interest that was never addressed.
The data breach occurred in July 2022 when a full download of her phone was placed onto discs, with three copies made. One copy went to her alleged abuser's solicitor and another to his federation representative. After learning of the breach, Lianne called 101 to report it, but was met with disbelief from the call handler. Police Scotland falsely claimed the breach had been reported to the ICO, when in reality, it was not reported within the required 72-hour timeframe.
Impact on Health and Daily Life
Lianne has been on extended sick leave since the incident, suffering from PTSD and other health issues stemming from the data breach and systemic abuse. She described feeling 'tortured' and unable to sleep, with the stress affecting her everyday life. The trauma has been so severe that she avoids taking pictures with her daughter, leaving her with only a handful of photographs of them together.
She expressed satisfaction with the ICO's fine, stating it shows the severity of the breach, but remains distressed as she has not been shown the discs and does not know which intimate images were shared. The process has taken longer than anticipated, with the rape case still ongoing six years later.
Police Scotland's Response and ICO Findings
Deputy Chief Constable Alan Speirs acknowledged that Police Scotland did not meet expectations and regulations in data handling, apologizing to those involved. A spokesperson admitted to delays in reporting and claimed processes have been implemented to prevent future occurrences. The ICO investigation, which started in November 2023 and took over two years, found serious failures, including excessive extraction of phone contents and lack of adequate policies.
Sally-Anne Poole, Head of Investigations at the ICO, emphasized that people should be able to trust organizations to handle their personal information with care, fairness, and respect. An ICO spokesperson noted the impact of data breaches and encouraged complaints if individuals are unhappy with their handling.
This case highlights critical issues in data protection and institutional accountability within law enforcement, underscoring the need for robust safeguards to prevent such breaches in the future.
