PSNI facing Â750k fine following data breach that exposed personal information of more than 9000 staff â The Irish News

pThe PSNI is facing a Â750000 fine following the spreadsheet error that exposed the personal information of its entire workforceppThe Information Commissionerâs Office ICO said the fine comes after information relating to more than 9000 serving PSNI officers and staff was published online in August last yearppAn investigation by the ICO has provisionally found the PSNIâs âinternal procedures and signoff protocols for the safe disclosure of information were inadequateâppIt comes after the personal information â including surname initials rank and role of all 9483 serving PSNI officers and staff â was included in a âhiddenâ tab of a spreadsheet published online in response to a freedom of information request FOIppThe ICO said the PSNI could be fined Â750000 for âfailing to protect the personal information of its entire workforceâppBut it said the fine could have been Â56 million if a âpublic sector approach not been appliedâppIt said in September 2023 the Commissioner issued an advisory notice with recommendations public authorities should adopt to ensure personal information is not inappropriately included as part of a FOI responseppIt said recognising âpublic money is best used to support the delivery of essential services the Commissioner used his discretion to apply the public sector approach when calculating the PSNI provisional fine amountâppIt added that the approach is to âensure public money is not diverted away from where it is needed most while maintaining the right to issue fines in the most serious of casesâppJohn Edwards UK Information Commissioner said âThe sensitivities in Northern Ireland and the unprecedented nature of this breach created a perfect storm of risk and harm â and show how damaging poor data security can beppâThroughout our investigation we heard many harrowing stories about the impact this avoidable error has had on peopleâs lives â from having to move house to cutting themselves off from family members and completely altering their daily routines because of the tangible fear of threat to lifeppâAnd whatâs particularly troubling to note is that simple and practicaltoimplement policies and procedures would have ensured this potentially lifethreatening incident which has caused untold anxiety and distress to those directly affected as well as their families friends and loved ones did not happen in the first placeppâI am publicising this potential action today to once again highlight the need for all organisations to check challenge and where necessary change disclosure procedures to ensure they have robust measures in place to protect the personal information people entrust to themâppThe ICO said the PSNI has been issued with a preliminary enforcement notice which requires the force to improve the security of personal information when responding to FOI requestsppIt added the Commissionerâs findings are provisional and he will carefully consider any representations PSNI make before making a final decision on the fine amountppIn a statement the Policing Board said it âremains profoundly aware of the personal and professional impact that the 8 August data breach has had on officers and staffâpp The Board has continued to engage with both PSNI and staff associations over the last nine months to assess the ongoing effects of the breach and we welcome the actions taken by PSNI to mitigate the immediate impact and support those affectedppâPSNI have accepted the recommendations made in the jointly commissioned independent review into the data breach and at our July board meeting we expect a detailed update on their implementationppâThe board will continue to monitor the timely implementation of these recommendations alongside any additional recommendations made by the Information Commissionerâs Officeâpp1pp2pp3pp4pp5pp1pp2pp3pp4pp5pp2024 The Irish News Ltdp