Mat Hayward – stock.adobe.com
Information commissioner John Edwards uses discretion to reduce proposed fine from £5.6m to £750,000
Published: 23 May 2024 11:39
Northern Ireland’s police service faces a £750,000 fine from the data protection regulator after mistakenly disclosing the names of all serving officers and staff in a spreadsheet published online.
The data breach by the Police Service of Northern Ireland (PSNI), described as the most significant in the history of UK policing, is understood to have led to the personal data of police officers and staff falling into the hands of dissident republic groups.
The information commissioner said the breach had led to police employees having to move house or cut themselves off from family members because of “tangible concerns of loss of life”.
The proposed fine follows the PSNI’s accidental publication of the surnames, initials, rank and roles of all 9,483 service PNSI officers and other staff in a “hidden” tab of a spreadsheet published online in response to a freedom of information (FOI) request in August 2023.
The ICO has provisionally found the PSNI’s internal procedures and sign-off protocols for the safe disclosure of information to be inadequate.
John Edwards, the UK information commissioner, said it was troubling that simple, practical-to-implement policies could have prevented the potentially life-threatening incident.
“Throughout our investigation, we heard many harrowing stories about the impact this avoidable error has had on people’s lives – from having to move house to cutting themselves off from family members and completely altering their daily routines because of the tangible fear of threat to life,” he said.
The publication of the names, ranks and roles of PSNI’s serving officers had caused “untold anxiety and distress to those directly affected as well as their, families, friends and loved ones”.
Edwards said he had used his discretion to reduce the siz
