PSNI fined £750,000 for ‘egregious’ data breach

UTV
psni
Data breach
Thursday 3 October 2024 at 6:20pm

The Police Service of Northern Ireland has been fined £750,000 for an “egregious” data breach in which the personal information of staff and officers was released.

The Information Commissioner’s Office (ICO) fined the organisation for the “serious” breach that left many PSNI workers fearing for their safety and said “simple-to-implement” procedures could have prevented it.

The ICO had previously announced its intention in May to fine the organisation £750,000 and Thursday’s announcement is confirmation of the final figure.

The breach happened in August 2023, when a spreadsheet released as part of a freedom of information request held hidden data with the initials, surname, rank and role of all 9,483 PSNI officers and staff.

Police later said the information had got into the hands of dissident republicans. In the aftermath of the leak, some officers chose to relocate their homes, cut contact with family members, and change daily routines.

The UK data regulator said that the fine should have been £5.6 million, but as it was “mindful” of the financial constraints faced by the PSNI, it used its discretion to reduce the total amount.

The ICO investigation found that the breach caused anxiety and distress for PSNI staff and officers, with some stating that they had left the organisation or lost sleep due to concern about their safety.

UK Information Commissioner John Edwards said it was “a lack of simple, internal processes” that led to the “particularly egregious breach."

He said it served as “a lesson for all organisations” to check their process around data protection.

Deputy Chief Constable Chris Todd said he wanted to acknowledge the impact the breach had, which was “difficult” for staff and officers.

Mr Todd was asked about what the total costs would be, Mr Todd said that a universal payment of up to £500 for individual security measures for staff and officer had cost £3.4 million.

He said that around 7,000 claimants had taken legal action against the organisation over the breach, which he said would be “the biggest chunk of expenditure."

“In June, that process went before the courts and we accepted liability, so that was committed to in June and the courts are now working through that process to determine how much exactly that will be,” he said.

He said the £750,000 fine will “add to pressures” on “woefully underfunded” police services.

“We made the representations obviously hopeful that there might be an adjustment,” he said, adding that they would not be appealing the amount.

PSNI Chief Constable Jon Boutcher said that the service was “in a different place today than we were last August."

He said that “tireless” work continues to “devalue” the compromised dataset, and “significant” crime prevention advice has been offered to officers and staff.

He added: “Today’s confirmation that the ICO has imposed a £750,000 fine on the Police Service of Northern Ireland is regrettable, especially given the financial constraints we are currently facing.

Catch up with the latest UTV Live on ITVX

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know.