A police force has been fined £130,000 for losing disks containing a video interview with an alleged rape victim.
Humberside Police was handed the six-figure penalty by the Information Commissioner’s Office after a bundle containing sensitive details went missing.
An investigation by the watchdog revealed that three disks and accompanying paperwork were left in an envelope on an officer’s desk.
The material contained the alleged victim’s name, date of birth and signature, as well as the suspect’s name and address.
The envelope was due to be posted to another force but never arrived.
It is not known whether the package was actually sent and the disks are still missing.
Humberside Police failed to encrypt the disks or maintain a detailed audit trail of the package, the ICO probe found.
The alleged victim was informed of the loss in November 2016, more than a year after the interview was conducted.
Steve Eckersley, head of enforcement at the ICO, said: “We see far too many cases where police forces fail to look after disks containing the highly sensitive personal information contained within victim or witness interviews.
“Anyone working in a police force has a duty to stop and think whenever they handle personal details – making sure they are using the most appropriate method for transferring information and considering the consequences of it being lost before going ahead.
“Staff training in this area is vital.”
He added: “Police forces deal with such sensitive information that when things go wrong, it’s likely to be serious.
“This case shows how crucial it is to keep a clear record of what’s been sent, when and who to.”
Humberside Police, which has its headquarters in Hull, has also been asked by the ICO to sign a commitment to take steps to improve its data protection practices.
Humberside Police Deputy Chief Constable Chris Rowley said: “We share the view of the Information Commissioner’s Office that this was a serious incident and deeply regret the distress caused to the alleged victim.
“We made a voluntary referral to the Information Commissioner as soon as we realised a breach of the Data Protection Act had taken place, as well as informing the alleged victim that the package may not have been sent to Cleveland Police.
“We have fully co-operated with the Information Commissioner’s Office throughout and have also acted upon the findings to ensure our data protection practices have been improved since the incident in 2015.”