Menu
03/10/2024
PSNI Fined £750,000 For Data Breach
The Information Commissioner's Office (ICO) has imposed a fine of £750,000 on the Police Service of Northern Ireland (PSNI) for a significant data breach that exposed the personal information of its entire workforce.
The breach occurred when hidden data on a spreadsheet released in response to a freedom of information request revealed the surnames, initials, ranks, and roles of all 9,483 PSNI officers and staff. The ICO's investigation found that the breach could have been prevented by implementing simple procedures.
The regulator considered the PSNI's current financial situation and decided to apply a reduced fine under the public sector approach. Had this not been applied, the fine could have amounted to £5.6 million.
The breach has caused significant concern among PSNI employees, many of whom fear for their safety. The incident highlights the importance of robust data protection measures to safeguard sensitive personal information.
John Edwards, UK Information Commissioner said: "I cannot think of a clearer example to prove how critical it is to keep personal information safe.
"It is impossible to imagine the fear and uncertainty this breach – which should never have happened - caused PSNI officers and staff. A lack of simple internal administration procedures resulted in the personal details of an entire workforce – many of whom had made great sacrifices to conceal their employment – being exposed.
"Whilst I am aware of the financial pressures facing PSNI, my role as Commissioner is to take action to protect people's information rights and this includes issuing proportionate, dissuasive fines. I am satisfied, with the application of the public sector approach, this has been achieved in this case.
"Let this be a lesson learned for all organisations. Check, challenge and change your disclosure procedures to ensure you protect people's personal information."
PSNI, Chief Constable Jon Boutcher said: "Today's confirmation that the ICO has imposed a £750,000 fine on the Police Service of Northern Ireland is regrettable, especially given the financial constraints we are currently facing. This fine will further compound the pressures the Service is facing. Although the majority of the cost (£610,000) was accounted for against the budget last year, a further £140,000 will now be charged against our budget in the current financial year.
"Following the ICO's announcement in May that they intended to impose a fine and issue an Enforcement Notice we made representations regarding the level of the fine and the requirements in their enforcement notice. While we are extremely disappointed the ICO have not reduced the level of the fine we are pleased that they have taken the decision not to issue an Enforcement Notice. That decision is as a direct result of the police service proving to the ICO that we had implemented the changes recommended to improve the security of personal information in particular when responding to FOI requests.
"We continue to progress the recommendations made by the ICO and also the recommendations made by the Independent Review Team who published their findings in December 2023, including the establishment of the Deputy Chief Constable as the Senior Information Risk Owner (SIRO) and the establishment of a Strategic Data Board and Data Delivery Group, ensuring that information security and data protection matters are afforded the support and attention they critically deserve.
"Work is ongoing to ensure everything that can be done is being done to mitigate any risk of such a loss occurring in the future."
The breach occurred when hidden data on a spreadsheet released in response to a freedom of information request revealed the surnames, initials, ranks, and roles of all 9,483 PSNI officers and staff. The ICO's investigation found that the breach could have been prevented by implementing simple procedures.
The regulator considered the PSNI's current financial situation and decided to apply a reduced fine under the public sector approach. Had this not been applied, the fine could have amounted to £5.6 million.
The breach has caused significant concern among PSNI employees, many of whom fear for their safety. The incident highlights the importance of robust data protection measures to safeguard sensitive personal information.
John Edwards, UK Information Commissioner said: "I cannot think of a clearer example to prove how critical it is to keep personal information safe.
"It is impossible to imagine the fear and uncertainty this breach – which should never have happened - caused PSNI officers and staff. A lack of simple internal administration procedures resulted in the personal details of an entire workforce – many of whom had made great sacrifices to conceal their employment – being exposed.
"Whilst I am aware of the financial pressures facing PSNI, my role as Commissioner is to take action to protect people's information rights and this includes issuing proportionate, dissuasive fines. I am satisfied, with the application of the public sector approach, this has been achieved in this case.
PSNI, Chief Constable Jon Boutcher said: "Today's confirmation that the ICO has imposed a £750,000 fine on the Police Service of Northern Ireland is regrettable, especially given the financial constraints we are currently facing. This fine will further compound the pressures the Service is facing. Although the majority of the cost (£610,000) was accounted for against the budget last year, a further £140,000 will now be charged against our budget in the current financial year.
"Following the ICO's announcement in May that they intended to impose a fine and issue an Enforcement Notice we made representations regarding the level of the fine and the requirements in their enforcement notice. While we are extremely disappointed the ICO have not reduced the level of the fine we are pleased that they have taken the decision not to issue an Enforcement Notice. That decision is as a direct result of the police service proving to the ICO that we had implemented the changes recommended to improve the security of personal information in particular when responding to FOI requests.
"We continue to progress the recommendations made by the ICO and also the recommendations made by the Independent Review Team who published their findings in December 2023, including the establishment of the Deputy Chief Constable as the Senior Information Risk Owner (SIRO) and the establishment of a Strategic Data Board and Data Delivery Group, ensuring that information security and data protection matters are afforded the support and attention they critically deserve.
"Work is ongoing to ensure everything that can be done is being done to mitigate any risk of such a loss occurring in the future."
Related Northern Ireland News Stories
Click here for the latest headlines.
23 May 2024
PSNI To Be Fined £750,000 For Major Data Breach
The PSNI is to be fined £750,000 following a data breach that exposed the personal information of all serving officers and police staff. The Information Commissioner's Office (ICO) has issued the fine for the PSNI's failure to protect the personal information of its entire workforce.
PSNI To Be Fined £750,000 For Major Data Breach
The PSNI is to be fined £750,000 following a data breach that exposed the personal information of all serving officers and police staff. The Information Commissioner's Office (ICO) has issued the fine for the PSNI's failure to protect the personal information of its entire workforce.
11 August 2010
Street Drinkers Pay The Cost
Five people have been fined at Belfast Magistrates Court for drinking alcohol in public. Tyrone McCann, from Richmond Avenue in Newtownabbey, was fined £50 and ordered to pay costs of £66 after he was detected drinking alcohol at Suffolk Road in west Belfast on January 16.
Street Drinkers Pay The Cost
Five people have been fined at Belfast Magistrates Court for drinking alcohol in public. Tyrone McCann, from Richmond Avenue in Newtownabbey, was fined £50 and ordered to pay costs of £66 after he was detected drinking alcohol at Suffolk Road in west Belfast on January 16.
18 August 2023
Arrest Made In Connection With PSNI Data Breach
A 50-year-old man has been arrested by detectives investigating the PSNI data breach.
Arrest Made In Connection With PSNI Data Breach
A 50-year-old man has been arrested by detectives investigating the PSNI data breach.
10 August 2023
PSNI Reveals Further Data Breach In July Theft
The PSNI has revealed a further data breach in the theft of a laptop and radio on 6th July.
PSNI Reveals Further Data Breach In July Theft
The PSNI has revealed a further data breach in the theft of a laptop and radio on 6th July.
17 August 2023
Man Arrested Following Investigation Linked To PSNI Data Breach
A man has been arrested as part of an investigation linked to a major PSNI data breach. The 39-year-old has been detained after he was arrested following a search in Lurgan, Co Armagh. He was arrested on suspicion of of collection of information likely to be of use to terrorists.
Man Arrested Following Investigation Linked To PSNI Data Breach
A man has been arrested as part of an investigation linked to a major PSNI data breach. The 39-year-old has been detained after he was arrested following a search in Lurgan, Co Armagh. He was arrested on suspicion of of collection of information likely to be of use to terrorists.
-
Northern Ireland WeatherToday:The day will be very windy with strong to gale force westerly winds becoming occasionally severe along the north coast. Sunny spells will be interspersed with scattered showers. Maximum temperature 8 °C.Tonight:West to northwest gale force winds, severe along the north coast, will continue overnight. Frequent showers persist, merging into longer periods of rain at times and turning wintry. Minimum temperature 1 °C.
