ICO proposes £750K penalty for PSNI data leak

June 12, 2024

The UK’s Information Commissioner’s Office (ICO) proposes to fine the Police Service of Northern Ireland (PSNI) £750,000 for unintentionally uploading a spreadsheet online that exposed its workforce’s personal information.

The PSNI’s inadvertent leak occurred on August 8, 2023, when the police force revealed that an error had occurred in its response to a Freedom of Information (FOI) request. The response exposed the data of about 9,483 current officers and staff, including surnames, initials, ranks, roles, and addresses.

The ICO explained that the breach, caused by the PSNI’s poor data security, exposed individuals to serious bodily risk and was entirely preventable. It also announced that it intends to fine the PSNI £750,000 for failing to protect the personal information of its workforce.

The PSNI was allegedly careless in handling the personal information, which caused the leak.

It was provisionally found that the PSNI’s internal procedures and sign-off protocols for the safe disclosure of information were inadequate.

The ICO’s investigation indicated that the incident may cause potentially affected individuals to relocate to new physical addresses, cut off communication and relationships with family members to protect themselves from potential damage, and ultimately change their daily lives.

In addition, the Commissioner noted that the proposed fine for the PSNI is significantly lower than the provisional figure of £5.6 million, since the PSNI is a public agency with a limited budget that provides critical services to the community.

The ICO has also given the PSNI a preliminary enforcement notice seeking data security changes in the processing of FOI requests. The PSNI, for its part, responded to the ICO’s action after accepting the penalty and stated that it is working to adopt all the proposed adjustments.

Furthermore, the police department has provided officers with crime prevention information, online resources, and house visits.

At the same time, 90% of the exposed officers and staff accepted a £500 ($635) refund in December 2023. The investigation into who holds the leaked data is ongoing, with officers executing several searches and arrests relating to the illegal dissemination of the stolen data collection.

Personnel affected by this incident should remain cautious, as the exposed data could have reached threat actors who can execute malicious activities.
