Watchdog ICO fines PSNI £750,000 for major data breach, but says amount reduced from £5.6m because of force's 'financial constraints'

PSNI Chief Constable Jon Boutcher said 'work is ongoing' to mitigate against any similar breaches in the futurePSNI Chief Constable Jon Boutcher said 'work is ongoing' to mitigate against any similar breaches in the future
PSNI Chief Constable Jon Boutcher said 'work is ongoing' to mitigate against any similar breaches in the future
​​The PSNI has been fined £750,000 for a major data breach in which the personal information of staff and officers was released.

The Information Commissioner’s Office (ICO) fined the organisation for the “serious” breach that left many PSNI workers fearing for their safety and said “simple-to-implement” procedures could have prevented it.

The breach happened in August 2023, when a spreadsheet released as part of a freedom of information request held hidden data with the initials, surname, rank and role of all 9,483 PSNI officers and staff.

Hide Ad
Hide Ad

Police later said the information had got into the hands of dissident republicans.

In the aftermath of the leak, some officers chose to relocate their homes, cut contact with family members, and change daily routines.

The UK data regulator said that the fine should have been £5.6 million, but as it was “mindful” of the financial constraints faced by the PSNI, it used its discretion to reduce the total amount.

The ICO investigation found that the breach caused anxiety and distress for PSNI staff and officers, with some stating that they had left the organisation or lost sleep due to concern about their safety.

Hide Ad
Hide Ad

UK Information Commissioner John Edwards said: “I cannot think of a clearer example to prove how critical it is to keep personal information safe.

“It is impossible to imagine the fear and uncertainty this breach – which should never have happened – caused PSNI officers and staff.

“A lack of simple internal administration procedures resulted in the personal details of an entire workforce – many of whom had made great sacrifices to conceal their employment – being exposed.

“Whilst I am aware of the financial pressures facing PSNI, my role as commissioner is to take action to protect people’s information rights and this includes issuing proportionate, dissuasive fines. I am satisfied, with the application of the public sector approach, this has been achieved in this case.

Hide Ad
Hide Ad

“Let this be a lesson learned for all organisations. Check, challenge and change your disclosure procedures to ensure you protect people’s personal information.”

PSNI Chief Constable Jon Boutcher said that the service was “in a different place today than we were last August”.

He said that “tireless” work continues to “devalue” the compromised dataset, and “significant” crime prevention advice has been offered to officers and staff.

He added: “Today’s confirmation that the ICO has imposed a £750,000 fine on the Police Service of Northern Ireland is regrettable, especially given the financial constraints we are currently facing.

Hide Ad
Hide Ad

“This fine will further compound the pressures the service is facing. Although the majority of the cost (£610,000) was accounted for against the budget last year, a further £140,000 will now be charged against our budget in the current financial year.”

He said: “While we are extremely disappointed the ICO have not reduced the level of the fine we are pleased that they have taken the decision not to issue an Enforcement Notice.

“That decision is as a direct result of the police service proving to the ICO that we had implemented the changes recommended to improve the security of personal information in particular when responding to FOI requests.

Work is ongoing to ensure everything that can be done is being done to mitigate any risk of such a loss occurring in the future.”

Hide Ad
Hide Ad

The Police Federation for Northern Ireland (PFNI) said it was “disappointed” at the £750,000 fine on an “already cash-strapped” organisation.

PFNI chairman Liam Kelly said the breach caused “widespread understandable distress and concern” and forced people to rethink their personal security.

He added: “A fine of this magnitude on an already cash-strapped PSNI will have a negative impact on the organisation. Even though provision was made for most of this last year, there is still a hefty sum of money to come out of the current budget.

“We’re disappointed that our submissions on the level of the fine were not fruitful.

Hide Ad
Hide Ad

“We would have preferred if PSNI could have been permitted to alternatively spend the funds on enhancing its data security and provide much needed reinvestment in community safety initiatives such as road safety programmes and CCTV funding in partnership with local Councils.

“We’re grateful the Information Commissioner’s Office applied discretion on the level of fine to be imposed which would have been £5.6 million. Had that happened, I have no doubt that immense harm would have been caused to the service and the range of services the public have a right to expect.”

Related topics:
News you can trust since 1737
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice