Safeguarding Data: Lessons from the PSNI Data Breach

A breach of your organisations personal data can have significant impacts on individuals impacted, staff and the organisation as a whole.  This was significantly highlighted by the Police Service of Northern Ireland [PSNI] data breach in 2023, where inappropriate handling of a Freedom of Information request led to the details of almost 9,500 PSNI officers and staff being posted online, creating a potential security threat to these staff.

“The PSNI data breach is an example of how inadequate data-sharing practices can lead to severe consequences—not only risking individuals’ security but also exposing organisations to legal and financial repercussions. Proactively establishing rigorous checks and controls can make all the difference.” — Helen McElroy, Senior Information Governance Consultant at Evolve North

PSNI data breach: ‘Disappointment’ after no reduction in £750k fine – BBC News

The ICO highlighted the fear and uncertainty caused to staff as part of its investigations and news reports stated that approximately 5000 staff members took legal action against PSNI because of this.

In addition to the significant distress caused to individuals, PSNI were fined £750 thousand pounds by the ICO, a fine which could have been £5.6 million had the fact that they were a public sector organisation not been taken into consideration.

The ICO concluded that insufficient checking procedures prior to the release of this information was to blame and have since shared further guidance on how to limit risk when disclosing data in relation to information sharing requests.

How to disclose information safely

If you would like some help to understand how your personal data is currently being shared, with reviewing your current data sharing practices or need more help generally on how to manage data breaches, call us on 01748 905 002 or email info@evolvenorth.com

Previous ArticleNext Article