A Welsh police force has been fined after accidentally emailing out personal details including home addresses of eight registered sex offenders to the public. The Information Commissioner's Office (ICO) fined Dyfed-Powys Police £150,000 ($218,000) for the "serious contravention" of the data protection act after an email containing the names, addresses, telephone numbers and emails of registered sex offenders in Powys was sent to a member of a community scheme by an officer.
The police officer accidentally emailed the list of registered sex offenders to the member of the public, referred to as AB, as their name appeared first alphabetically in a global address book. The address book was only meant to be used for internal emails, but an ICO investigation found that it had grown to contain frequently used email addresses for people outside of the force.
The ICO said between 14 and 18 April 2015, AB received five emails from Dyfed-Powys police officers containing personal data. AB rang the force to inform them of their error, as well as replying to each email to inform the sender of their mistake.
Anne Jones, ICO Assistant Commissioner (Wales), said: "While at first glance this might seem like simple human error, it was made possible by the poor procedures the force had in place around protecting people's personal data.
"This is a troubling story, and one that will do little to reassure the local community that its police force can be trusted to look after sensitive information. This was an accident waiting to happen. The force failed to take advantage of earlier opportunities to address the problem, and now faces the consequences of getting it wrong."
Dyfed-Powys Police Deputy Chief Constable Liane James said: "We accept that mistakes were made and have acted to make the necessary changes to processes and systems. We work hard to ensure the safety of the data available to us and will continue to take the learning from this, now and in the future."