Northern Ireland Police gets 750K fine for leaking personal information
The Information Commissioner’s Office (ICO) intends to hand out a 750,000 pound (approximately 880,000 euro) fine to the Police Service of Northern Ireland (PSNI), because the Northern Irish police failed to protect the personal information of its entire workforce.
The data breach occurred in response to a Freedom of Information request. Due to an error a spreadsheet containing a ‘hidden’ tab was published online. This particular tab included detailed personal information of 9,483 PSNI officers and staff, such as surname, initials, rank and role, as well as the location and department they worked for.
As soon as the data breach was discovered, the spreadsheet was taken offline. Various parties however were able to download the document beforehand.
During the ICO investigation, researchers heard many disturbing and terrifying stories about the impact the incident had on the lives of police officers. Some told they moved out or cut ties from family members completely because the data breach brought ‘tangible fear of threat to life’.
“The sensitivities in Northern Ireland and the unprecedented nature of this breach created a perfect storm of risk and harm, and show how damaging poor data security can be. And what’s particularly troubling to note is that simple and practical-to-implement policies and procedures would have ensured this potentially life-threatening incident”, UK Information Commissioner John Edwards said in a statement.
ICO reduces fine significantly
When imposing the fine, ICO held in mind the PSNI is an invaluable part of the public sector. To ensure tax payers’ money wasn’t going to waste, the British data and privacy protection authority lowered the amount to 750,000 pound. If ICO hadn’t taken that into consideration, the fine would have been set to 5.6 million pound (about 6.6 million euro).
In addition to the fine, the Northern Irish police must also implement measures to improve the security of personal information when responding to Freedom of Information requests.
ICO’s findings are provisional, meaning a final decision on the amount of the fine and the requirements in the enforcement notice have yet to be made.
Your email address will not be published. Required fields are marked