As has been widely reported, a response to a Freedom of Information request (FOI), submitted by a member of the public to the Police Service of Northern Ireland (PSNI) has, erroneously, released the names of all police and civilian personnel, their roles and where they were based.
A spreadsheet containing PSNI staff details was published on the FOI website ‘What Do They Know’ for 2.5 hours, until it was removed. During that time, the details had already been shared and uploaded to social media.
This sensitive information should simply never have been in the public domain.
This is one of the most significant data breaches we have witnessed in Northern Ireland and affects a large number of individuals.
We are aware that PSNI is currently investigating the matter, describing it as an “unacceptable error”. It is currently unclear as to how the organisation will seek to mitigate the potential risk to their personnel, however this will undoubtedly be their most urgent priority to avoid any further damage to industrial relations.
There can be no doubt that this breach has caused substantial distress. Our data protection and privacy team has already been providing advice and assistance to many of those impacted who are understandably concerned and wish to enforce their legal rights. Anyone seeking legal guidance can contact our Data Protection Specialists on 02890 200050.
In circumstances like this, the crucial nature of watertight data protection policies and processes is pulled into focus. It simply cannot be fathomed that such a large amount of sensitive information could be placed into the public domain – and yet it has been.
We must remember the very real human impact of such a breakdown in employee confidentiality and it is our hope that organisations will reflect on their own processes by way of precaution, so the likelihood of similar crises occurring, is minimised.