Norfolk and Suffolk Police published personal information of 1,230 people in data breach

Anglia
Norfolk Police
Suffolk Police
Tuesday 15 August 2023 at 2:04pm

Martha Fairlie explains what we know so far about the data breach by Norfolk and Suffolk police forces

Norfolk and Suffolk Police have revealed the personal information of 1,230 people, including victims of crime and witnesses, was included in Freedom of Information (FOI) responses issued by the forces.

The two East Anglian constabularies said a “technical issue” meant raw crime report data was included in a “very small percentage” of FOI responses issued between April 2021 and March 2022.

The data was hidden from anyone opening the files, but it should not have been included, the forces added.

The personal details shared were held on a specific police system and related to crime reports.

It is the latest data breach involving police responses to FOI requests, coming after the Police Service of Northern Ireland published a document which included the names and other details of around 10,000 officers and staff.

The data included personally identifiable information on victims, witnesses, and suspects, as well as descriptions of offences.

It related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crimes.

Norfolk and Suffolk Police said a full analysis was being undertaken, adding a process had been launched to contact individuals whose data had been shared.

Any victims of the data breach will be contacted via letter, phone, and in some cases, face-to-face depending on what information was impacted and what support is required.

The forces said they expected this process to be completed by the end of September.

When informed of the data breach, victims will be told all the necessary information including what personal data specific to them has been impacted and details of who they can contact for support, the police forces said.

"Strenuous efforts" have been made to determine if the data released has been accessed by anyone outside of policing, they added, but said nothing had yet been found to suggest this was the case.

If members of the public are not contacted by the constabularies, they do not need to take any action.

The Information Commissioner’s Office (ICO) has been notified and is being kept updated.

Suffolk Police's Assistant Chief Constable Eamonn Bridger, who led the investigation on behalf of both forces, said: “We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk.

“I would like to reassure the public that procedures for handling FOI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected.”

Stephen Bonner, deputy commissioner at the ICO, said: “The potential impact of a breach like this reminds us that data protection is about people. It’s too soon to say what our investigation will find, but this breach – and all breaches – highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.

“We are currently investigating this breach and a separate breach reported to us in November 2022.

“In the meantime, we’ll continue to support organisations to get data protection right so that people can feel confident that their information is secure."

A team has been set up to handle queries about the incident.It can be reached on 01603 276647 or by emailing dataincident@suffolk.police.uk.

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know…