The Police Service of Northern Ireland (PSNI) is facing a potential fine of £750,000 for a major data breach that occurred last year, according to UK Information Commissioner John Edwards. The breach, which occurred when the PSNI responded to a Freedom of Information request, resulted in the personal information of 9,483 policing and civilian employees being published online.
The sensitive nature of the breach, which included the names, ranks, and roles of all serving PSNI officers and staff, has raised concerns about the safety and security of those affected. Edwards stated that the breach created a “perfect storm of risk and harm” and highlighted the damaging effects of poor data security.
While the potential fine could have been as high as £5.6 million, Edwards used discretion to reduce the amount to ensure that public funds are not diverted from essential services. The PSNI has been issued with a preliminary enforcement notice to improve the security of personal information when responding to FOI requests.
The Chief Constable Jon Boutcher has announced that every PSNI officer and staff member will be offered a one-off payment of £500 to help with home security measures in light of the breach. The PSNI has also launched an investigation to identify those in possession of the information and has made several arrests in connection with the data loss.
The PSNI has 28 days to respond to the proposed fine, and Deputy Chief Constable Chris Todd has stated that specific measures have been put in place for individuals within the service. The incident ultimately led to the resignation of former Chief Constable Simon Byrne.
The PSNI’s handling of the data breach serves as a cautionary tale for organizations to prioritize data security and implement robust measures to protect personal information. The potential fine underscores the importance of safeguarding sensitive data and the consequences of failing to do so.