CPS working on new system to curb data losses

Crown Prosecution Service
Crown Prosecution Service

A new report has shown there is a "widespread issue" involving the Crown Prosecution Service (CPS) "misplacing discs containing sensitive evidence and information".

The joint report conducted by the Crown Prosecution Service Inspectorate and Inspectorate of Constabulary said they inspected the criminal justice computer systems and found the testimonies of underage and vulnerable victims and witnesses were being kept on portable discs.

The forces inspected were Kent, Merseyside, Greater Manchester, Northamptonshire, West Midlands and the Metropolitan Police, along with the corresponding CPS regions in the South East, Merseyside and Cheshire, North West, East Midlands, West Midlands and London.

They also observed magistrate and crown court cases and interviewed representatives from the police, CPS, Courts Service, Ministry of Justice and Home Office.

Speaking to SCMagazineUK.com, a CPS spokesperson said: “The CPS is already working, with its partners, to create a unified digital case management system, which when completed will make the use of discs obsolete.”

Data lost includes CCTV footage, 999 recordings, suspect interviews and the testimony of vulnerable and underage victims and witnesses.

In one case, a DVD interview of a 12-year-old sex offence victim was lost. It was this which caused the report to say that a new system for tracking evidence had to be introduced.

"Many officers informed us that it was common to receive several requests from the CPS to supply further copies of discs because the original copy submitted could not be found," the report said.

Also included in the report was the case involving Swan Films, the Manchester based film studio which was in charge of editing recordings of interviews to be shown in court as evidence in a case. Laptops containing these videos were stolen and the CPS was fined £200,000 by the Information Commissioner's Office in November 2015.

Commenting on the Swan Films case, a CPS spokesperson told SC, “It is a matter of real regret that sensitive information was not held more securely by our external contractor, and that we, as an organisation, failed to ensure that it was. We are grateful that the material was recovered without being accessed by those who stole the computer equipment but accept that this was fortuitous. It is vital that victims of crime feel confident that breaches like this will not happen and, following a full review after this incident, we have strengthened the arrangements for the safe and secure handling of sensitive material.”

Explaining that some police forces were using computer systems that were 20 years old, inspectors, who visited six forces and their corresponding CPS regions, said police and prosecutors needed "to urgently review arrangements for the handling of hard media".

Commenting on the new system, the CPS spokesperson said, “New standards have been developed for the handling of electronic hard media.  CPS areas are working closely with their local police forces to jointly review their handling and transportation of such material.”  

And the report agrees, explaining that "good progress" had been made towards a full digital system, highlighting the installation of Wi-Fi in magistrates' courts and a prosecutor app which will allow cases to be updated on the spot. 

Michael Hack, SVP of EMEA operations at Ipswitch, told SC, "The way that files are shared and moved is absolutely key in securing the data in transit. A disc with data on it is as easy to lose as a purse or a set of keys. An unencrypted disc with personal and sensitive witness data on it is more than careless, it is negligent.

"Public and private sector organisations can't take chances when it comes to IT security and must make sure critical information is kept safe. By automating, managing and controlling all file transfers from a central point of control, employees are able to easily send and share files using IT approved methods. The IT department also gains complete control over activity. It's no longer good enough just to have the right policies in place for secure data transfer, an organisation must ensure it has the right file transfer technologies, security systems, processes, and most importantly, staff training."

Richard Beck, head of cyber security at QA, said, “According to the latest QA cyber security survey, human error is the second largest concern (19 percent) for IT decision makers this year, with ‘compromise through employees' and ‘employee negligence' both featuring in the top five threats.

“Organisations can try and limit the impact by increasing staff awareness of cyber threats. With a fifth of those surveyed acknowledging that the biggest threat to security next year is likely to be human error, educating staff on how to detect and deter common threats like social engineering or phishing attacks could prove invaluable in helping defend an organisation.”