Staff Data Breach: British Police Could Be Fined £750k

The Police Service of Northern Ireland (PSNI) could be fined £750,000 for a major data breach last year after mistakenly disclosing the names of all 9,483 serving officers and staff in a spreadsheet published online. It was subsequently confirmed that the information was in the hands of potentially deadly dissident Republicans.  

While the PSNI has said it cannot afford such a fine, however if ir were not a public body, the fine would have been in the millions. The British data regulator, the Information Commissioner's Office (ICO), has announced that the proposed fine could be imposed on the PSNI "for failing to protect the personal information of its entire workforce".

The breach happened when police answered a Freedom of Information request and information was published online about the PSNI's 9,483 policing and civilian employees and the personal information included the surname, initials, rank, and role of all serving PSNI officers and staff.

In provisional findings announced recently, UK Information Commissioner John Edwards said: “The sensitivities in Northern Ireland and the unprecedented nature of this breach created a perfect storm of risk and harm, and show how damaging poor data security can be." He added: “Throughout our investigation, we heard many harrowing stories about the impact this avoidable error has had on people’s lives, from having to move house, to cutting themselves off from family members and completely altering their daily routines because of the tangible fear of threat to life."

The proposed fine is provisional to allow the PSNI to make representations before a final decision.Mr Edwards also revealed that the potential fine could have been £5.6m, but he used discretion to significantly reduce the amount to ensure public money is not diverted from where it is most needed.

The ICO has issued the PSNI with a preliminary enforcement notice requiring the police service to improve the security of personal information when responding to Freedom of Information requests.  

The PSNI  Chief Constable, Jon Boutcher, has previously announced that every PSNI officer and staff member would be offered a one-off payment of £500 to help with home security measures following the data breach. The incident contributed to the resignation of the previous Chief Constable who has now left the force.

ICO   |   Irish News   |   BBC   |   Scottish Legal   |    Personnel Today  |   Computer Weekly   |   Bleeping Computer 

You Might Also Read: 

Another British Police Force Leaks Confidential Data:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Time For Cyber Force
Facial Recognition Technology Defects »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

CYBERPOL

CYBERPOL

CYBERPOL's mission is to facilitate the widest possible mutual assistance between all cyber crime law enforcement authorities to help mitigate global cyber threats.

Vector InfoTech

Vector InfoTech

Vector InfoTech is a leader in Industrial Security, Networks, IT and Telecommunications.

Bounga Informatics

Bounga Informatics

Bounga Informatics provides Digital Forensics, E-Discovery, and Endpoint Security software, hardware, and training in Singapore and other countries in Asia Pacific.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

Cybertronium

Cybertronium

Cybertronium is a leader in managing cyber risk. We bring you the latest from the complex, ever-evolving online threat environment with the insights to inspire and the expertise to act.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).

Veza Technologies

Veza Technologies

Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to manage and control who can and should take what action on what data.

Dynamic Networks

Dynamic Networks

Dynamic Networks provide Managed Cloud Services; Unified Communications; Security & Compliance Services and Network & Infrastructure Services for both Public Sector and Private sector businesses.