PSNI: Federation welcomes initial findings into data breach

The Police Federation for Northern Ireland today (Thursday) welcomed the Information Commissioner’s Office provisional findings report into the unprecedented PSNI data breach.

The report proposed a fine of £750,00 which the ICO said was a significant reduction to ensure public money was not diverted to other areas of need'

It said the breach was a "potentially life-threatening incident" which caused "untold anxiety and distress".

Data relating to all 9,483 PSNI officers and staff was included in a spreadsheet published online last August in response to a freedom of information request.

The list included the surname and first initial of every employee, their rank or grade, where they are based and the unit in which they work.

Police later said the information had got into the hands of dissident republicans.

Responding to the fine PFNI Chair, Liam Kelly said: “The provisional fine of £5.6 million reflects the gravity of the breach which exposed the surname, initials, rank and role of all officers and staff. The Commissioner has decided to use his public sector approach discretion to reduce this to potentially £750,000.

“The ICO has clearly considered the parlous state of the PSNI which once again faces massive under-funding. In the context of what penalty could have been applied, I have to say the PSNI got off lightly and I welcome that fact.

“However, I’m sure that £750,000 could have been put to better use within the workplace and supporting local community projects. I support the PSNI in making this case before the ICO finalises its decision.

“The ICO has confirmed there were dangerous failings to protect personal information and a shocking absence of protocols for the safe disclosure of information.

“The Commissioner acknowledges the ‘many harrowing stories’ investigators heard about the impact of ‘this avoidable error’. Pointing up situations where people felt they had to move house, cut off ties with family members and completely alter daily routines underline the seriousness of what happened.

“There was, as the ICO says, ‘tangible fear of threat to life’ and it’s clear from this damning report that there was no holding back or minimising what officers and staff were confronted with as a result of personal information reaching the public domain.

“A preliminary enforcement notice has also been issued by the ICO. Thankfully, as a result of the external review process following the data breach, the principal issues have already been identified and PSNI has either completed or made solid progress in concluding the remedial work required in relation to its systems and processes.

“This kind of egregious error can never be allowed to happen again and that must mean the organisation ensures watertight data defences are in place and that they operate the most stringent possible processes and protocols in the future.”