The Police Service of Northern Ireland (PSNI) is facing a £750,000 fine from the data protection regulator due to a data breach that occurred when the names of all serving officers and staff were mistakenly disclosed in a spreadsheet published online. This breach, considered the most significant in UK policing history, resulted in personal data falling into the hands of dissident republic groups. The breach led to fears for the safety of police officers and staff, with some individuals having to take drastic measures such as moving house or cutting off contact with family members.
The breach occurred when the PSNI accidentally published the names, initials, rank, and roles of all 9,483 service officers and staff in a “hidden” tab of a spreadsheet in response to a freedom of information request in August 2023. The Information Commissioner’s Office (ICO) found the PSNI’s internal procedures for safe disclosure of information to be inadequate.
Despite the severity of the breach, the information commissioner reduced the proposed fine to protect public sector finances, setting it at £750,000 instead of £5.6m. However, the PSNI is still facing financial challenges due to the significant deficit.
PSNI deputy chief constable Chris Todd expressed regret over the fine and highlighted the lasting impact the breach has had on the individuals affected. An investigation is ongoing to identify those in possession of the information and any criminal activity related to the data loss.
The PSNI has provided support to affected officers and staff, including crime prevention advice, financial assistance for safety equipment, and ongoing training to prevent similar incidents in the future. Additionally, an independent review found several failings in the PSNI’s approach to data protection, leading to the implementation of recommendations to improve policies and procedures.
Overall, the PSNI is taking steps to enhance security and ensure the protection of personal information in response to freedom of information requests.
