Police Scotland Fined for Mishandling Victim's Sensitive Data

Police Scotland Fined for Mishandling Victim's Sensitive Data

First seen 12 Mar 2026, 11:40 UTC TheregisterInfosecurity-Magazine 80% similarity 51.8

Article Content

Browse articles
ThreatCluster

Police Scotland has been fined £66,000 by the Information Commissioner's Office (ICO) for a serious data protection breach involving the sharing of a female officer's phone data with a colleague accused of rape. The incident occurred during an internal misconduct investigation initiated in early 2021. Police Scotland extracted the entire contents of the victim's phone, claiming it was relevant to the investigation, which included sensitive information such as medical records and intimate photos. The ICO found this extraction to be excessive and unfair, violating the Data Protection Act. The police force failed to notify the ICO within the required 72-hour timeframe after the data breach was discovered. The victim, who later waived her anonymity, reported the incident to the ICO in September 2022 after being informed by the Scottish Police Federation. The ICO's investigation began in May 2023, leading to the fine and highlighting the need for better data protection practices within law enforcement.

Key Points: • Police Scotland fined £66,000 for mishandling sensitive data of a rape victim. • The entire contents of the victim's phone were extracted and shared with the accused officer. • ICO found the data extraction excessive and unfair, violating the Data Protection Act.

ThreatCluster AI

Timeline

2021-01-01
Incident involving the victim and accused officer occurs.
2022-06-01
Victim notified of data breach by Scottish Police Federation.
2022-09-01
Victim complains to ICO about the data mishandling.
2023-05-01
ICO begins investigation into Police Scotland.
2026-03-11
ICO fines Police Scotland £66,000 for data protection violations.

Community

Browse all →