ICO pointed to serious shortcomings in backup practices, record keeping, and data governance.
The ICO has formally reprimanded South Yorkshire Police after nearly 96,000 body-worn video files were lost due to a major IT mishap.
In a statement, the ICO pointed to serious shortcomings in backup practices, record keeping, and data governance, noting that "SYP has not been able to provide a definitive explanation" for the deletion.
It said that South Yorkshire Police “did not have the appropriate technical and organisational measures in place to keep the evidence secure.” This includes:
Delaying the formulation of IT backup policies and not escalating to senior management when flaws were discovered in 2019;
Poor record keeping, meaning it could not confirm how many pieces of footage were permanently lost; and
Not identifying the security risk in relation to transferring of personal data between IT systems.
The files disappeared in July 2023 during a third-party data transfer following an IT upgrade and while most footage had been duplicated into a new system, gaps in record management left uncertainty over how much evidence was permanently lost.
The ICO confirmed the incident touched 126 criminal cases, with three directly affected.
Investigations head Sally Anne Poole said: “This incident highlights the importance of having detailed policies and procedures in place to mitigate against the loss of evidence.
“People rightly have high expectations that our police forces and services, which protect us, also protect the personal information they hold. There is a lot to be learned from this incident and I encourage police forces and services and other organisation using this type of technology to check and make improvements where they find potential flaws.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
