What happened, who was affected, and what we can learn…
August was a month that raised serious questions about accountability in UK policing and data protection. South Yorkshire Police admitted to losing over 96,000 body-worn video files in a botched system migration, while an Independent Office for Police Conduct (IOPC) investigator was prosecuted for mishandling sensitive case materials. At the same time, the Information Commissioners Office (ICO) began rolling out consultations tied to the new Data (Use and Access) Act 2025, signalling tougher expectations for organisations across the board.
South Yorkshire Police
Date Reported: 18th August, 2025
No. of UK Individuals Affected: Not confirmed (but 96,000+ body-worn video files impacted).
Data Exposed or at Risk: Body-worn video footage tied to criminal cases; potential loss of critical evidential material (availability/integrity breach).
ICO Response: Reprimand; the ICO criticised failures in backup, record-keeping, and risk management during system migration.
Summary: South Yorkshire Police permanently deleted over 96,000 pieces of body-worn video while transferring systems. The ICO found a lack of tested backups, inadequate records of what was held, and poor risk assessments when moving evidential data.
Commentary: For a police force, this is indefensible. The public expects the police to protect evidence, not wipe it out through incompetence. Losing such a vast trove of potential trial material undermines trust in both policing and justice. The ICO’s decision to issue only a reprimand feels light when you consider the stakes—hundreds of cases risked being compromised, and the excuse of “poor process” doesn’t wash when you’re dealing with criminal justice. If businesses were this careless, they’d face crippling fines. Law enforcement shouldn’t get a pass.
Independent Office for Police Conduct (IOPC)
Date Reported: 4th August, 2025
No. of UK Individuals Affected: Not disclosed.
Data Exposed or at Risk: Restricted case materials, including 999 call recordings, emailed to a personal account (confidentiality breach).
ICO Response: Prosecution; an individual pleaded guilty under the Data Protection Act; fined £200 plus £2,000 costs.
Summary: An IOPC investigator sent confidential case material, including emergency call recordings, to his private email account. The ICO prosecuted, and the court handed down a modest fine.
Commentary: While the individual was held accountable, the bigger question is; how did the system allow this in the first place? Sensitive evidence should never be capable of being emailed out to personal accounts. Technical controls clearly weren’t up to scratch, and oversight failed. £200 (plus costs) is hardly a deterrent either; it makes the misuse of deeply personal, sometimes traumatic data look like a parking ticket offence.
Insights for UK Organisations
- Availability is part of data protection. SYP’s debacle proves that data loss can be just as damaging as a leak. If you can’t protect the evidence, you jeopardise justice.
- Accountability needs consistency. Businesses get hammered for sloppy practices, while a police force gets a reprimand for deleting evidence. This double standard risks public confidence in the ICO itself.
- Human misuse needs prevention, not punishment after the fact. The IOPC case shows that weak controls let staff get away with behaviour that never should have been technically possible.
Legislative Context
August also marked the staged commencement of the Data (Use and Access) Act 2025, with ICO consultations launched on complaint handling and recognised legitimate interests. These developments put sharper obligations on all organisations; but whether public bodies like the police will be held to the same standard in practice remains to be seen.
Conclusion
August’s breaches demonstrate a troubling theme: law enforcement bodies failing to meet the standards they enforce on everyone else. South Yorkshire Police’s loss of evidence on such a scale should raise alarm across the justice system. The ICO’s soft response risks sending the wrong message; that police forces can mishandle critical data without facing the consequences businesses routinely suffer. Trust in policing is fragile; mishandling evidence like this makes it even harder to repair.
Disclaimer
This report is based on public disclosures, media reports, and ICO updates available at the time of writing. Figures for affected individuals may be estimated where not officially disclosed. This post is intended for informational purposes only and does not constitute legal advice.
Sources:
- South Yorkshire Police reprimanded following deletion of body-worn video evidence.
- Police conduct investigator fined after unlawfully obtaining sensitive case details.
- ICO launches consultations for Data (Use and Access) Act 2025 amendments.
- ICO consultation on draft recognised legitimate interest guidance.
- The Data Use and Access Act 2025 (DUAA) – what does it mean for organisations?
- DUAA schedules/commencement note.
- South Yorkshire Police reprimanded after deleting 96,000 pieces of bodycam evidence.
- South Yorkshire Police body cam footage was deleted in these 126 cases.
