Britain's data cops have coughed to a serious security screw-up at the Information Commissioner's Office, and concluded that the ICO - only mildly - violated the Data Protection Act that it is supposed to police.

It carried out an internal probe into what the ICO passively described as a "non-trivial security incident" that happened at some point in the last 12 months.

The regulator said:

It was investigated and treated no differently from similar incidents reported to us by others. We also conducted an internal investigation. It was concluded that the likelihood of damage or distress to any affected data subjects was low and that it did not amount to a serious breach of the Data Protection Act. A full investigation was carried out with recommendations made and adopted. The internal investigation was also concluded.

But according to The Times , which spotted the blunder, the ICO has refused to reveal any further details about the incident.

At the time of writing The Register had not heard back from the watchdog. We were curious to know why the matter wasn't treated independently of the ICO, given that it happened at Commissioner Christopher Graham's office.

The only way to furtle more details from the data cops would be to submit a Freedom of Information request, the ICO apparently told The Times .

A "personal data incidents" statement was buried on page 46 of the ICO's annual report (PDF), which unsurprisingly called for more money and greater powers.

It's unclear if the ICO fined the ICO or let the ICO off with a gentle warning from the ICO. ®