Just one police force achieved the top data protection rating in an Information Commissioner's Office (ICO) report published this week.
The ICO's year-long audit of 17 unnamed police forces found only one met the standards of 'high assurance' in all areas of data handling, while six were deemed to give only 'limited assurance' around their data.
The audit, which covers 12 months to the end of April, judged how well the forces met the requirements of the 1998 Data Protection Act (DPA), and looked at data protection governance, records management, handling requests for personal data, staff training and awareness, and data sharing.
Ten forces were found to have an overall 'reasonable assurance' rating, but across the separate areas of focus, one force was found to be 'very limited' in its ability to manage records securely, and one found to be 'very limited' in its ability to share data securely.
Scope for improvement was suggested in all the ratings save 'high assurance', which the ICO defined as: "Limited scope for improving existing arrangements. Significant action unlikely to be required."
No forces fell into the 'very limited' category overall, which warns of "substantial risk of non-compliance with DPA".
The report comes after Kent Police was fined £100,000 in March after interview tapes were found abandoned at a former station.
The Data Protection Act is part of UK law but new EU data protection regulations are expected to be passed into law at the end of the year.