Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

PSNI fined £750,000 over severe data breach that saw staff personal details published online

The breach occurred last August and affected some 10,00 officers ad staff.

LAST UPDATE | 23 May

THE POLICE SERVICE of Northern Ireland has said it is “regrettable” that it has been landed with a hefty fine by the Information Commissioner’s Office after a data loss that saw personal details of police officers published online.

According to the PSNI’s statement, the ICO intends to fine the force over a serious data breach that occurred on 8 August last year.

The data breach, which affected some 10,000 officers and staff, occurred when the service responded to a Freedom of Information request seeking the number of officers and staff of all ranks and grades across the organisation.

In the published response to this request, a table was embedded which contained the rank and grade data, but also included detailed information that attached the surname, initial, location and departments for all PSNI employees.

The data was potentially viewable by the public for between 2.5 to three hours. The PSNI called it a “critical incident”.

In a statement today, PSNI Deputy Chief Constable Chris Todd said the force accepts “the ICO’s Notice of Intent to Impose a Penalty and we acknowledge the learning highlighted in their Preliminary Enforcement Notice”.

“We will now study both documents and are taking steps to implement the changes recommended.”

He said the announcement of the fine was “regrettable, given the current financial constraints we are facing and the challenges we have, given our significant financial deficit to find the funding required to invest in elements of the requisite change”.

We will make representations to the ICO regarding the level of the fine before they make their final decision on the amount and the requirements in their enforcement notice.

MPs in the UK were told back in September last year that data breach could potentially cost the force £240 million (€281 million) in security and legal costs.

“The reports highlight once again the lasting impact this data loss has had on our officers and staff and I know this announcement today will bring those to the fore again,” Todd said.

He said officers have worked to “devalue the compromised dataset by introducing a number of measures for officers and staff”.

“We provided significant crime prevention advice to our officers and staff and their families via online tools, advice clinics and home visits,” he said.

He said a payment of up to £500 was also made available to each PSNI officer and staff affected, for them to purchase equipment or items for their safety needs, and that “90% of officers and staff took up this offer of financial support”.

“An investigation to identify those who are in possession of the information and criminality linked to the data loss continues. Detectives have conducted numerous searches and have made a number of arrests as part of this investigation,” Todd said.

He said the force was now working to implement the recommendations of a review into the loss. 

“Work is ongoing to update current policies and develop a new Service Instruction as recommended by the ICO,” he said.

“Training of officers and staff is ongoing to ensure everything that can be done is being done to mitigate any risk of such a loss occurring in the future.”

‘Sensitivities’

John Edwards, UK Information Commissioner, said in a statement that the “sensitivities” in Northern Ireland and the “unprecedented nature of this breach” created a “perfect storm of risk and harm – and show how damaging poor data security can be”.

He said the investigation had heard many “harrowing” stories about the impact of the breach on people’s lives.

Affected individuals reported having to move house, cut themselves off from family members, or completely alter their daily routines because of fearing threats to their lives.

“What’s particularly troubling to note is that simple and practical-to-implement policies and procedures would have ensured this potentially life-threatening incident, which has caused untold anxiety and distress to those directly affected as well as their families, friends and loved ones, did not happen in the first place,” Edwards said.

A statement from the Commissioner’s office noted that the findings are provisional and said the Commissioner will consider any representations the PSNI make before issuing a final decision on the fine amount and the requirements in the enforcement notice.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Cormac Fitzgerald
Close
JournalTv
News in 60 seconds