Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
UK: ICO to fine PSNI £750,000 over data security failures
On May 23, 2024, the Information Commissioner's Office (ICO) announced it intended to issue a fine of £750,000 on the Police Service of Northern Ireland (PSNI) for failing to protect the personal information of its workforce, following an investigation.
Background to the decision
In particular, the ICO stated that the personal information of all 9,483 serving PSNI officers and staff, including surname, initials, rank, and role, was included in a hidden tab of a spreadsheet published online in response to a freedom of information (FOI) request.
Findings of the ICO
The ICO's investigation provisionally found that the PSNI's internal procedures and sign-off protocols for the safe disclosure of information were inadequate. Further, the ICO explained that the data breach brought tangible fear of threat to life.
Outcomes
Accordingly, the ICO stated that it intended to impose a fine of £750,000 on the PSNI. In addition, the ICO noted that the PSNI had also been issued with a preliminary enforcement notice, requiring it to improve the security of personal information when responding to FOI requests.
You can read the press release here.