In August 2023, Norfolk and Suffolk police forces disclosed a significant data breach affecting 1,230 individuals, including victims and witnesses of various crimes. The breach occurred due to a technical issue that led to the inclusion of personal data in Freedom of Information (FOI) responses issued between April 2021 and March 2022. The data, which was hidden from view within the files, should not have been included. (bbc.co.uk)
Details of the Breach
The compromised data encompassed personal identifiable information on victims, witnesses, and suspects, as well as descriptions of offenses such as sexual and domestic assaults, thefts, and hate crimes. The breach was identified after the FOI responses were sent to individuals, including journalists and researchers. The forces have since initiated a process to contact all affected individuals via letter, phone, or in some cases, face-to-face, depending on the nature of the information impacted and the support required. This process is expected to be completed by the end of September 2023. (suffolk.police.uk)
Response and Investigation
Both Norfolk and Suffolk police forces have apologized for the breach and are reviewing their information-sharing processes to prevent future incidents. The Information Commissioner’s Office (ICO) has been notified and is investigating the matter. Stephen Bonner, deputy commissioner at the ICO, emphasized the importance of robust measures to protect personal information, especially when it is sensitive. (itv.com)
Implications and Lessons Learned
This incident highlights the critical need for stringent data protection protocols within law enforcement agencies. The accidental release of sensitive information not only compromises individual privacy but also erodes public trust in institutions responsible for safeguarding personal data. It serves as a stark reminder of the potential consequences of technical oversights and underscores the necessity for continuous review and improvement of data handling procedures.
References
“Hidden from view,” eh? Were these digital ninjas disguising as Freedom of Information responses? I wonder if the review of information-sharing processes will include mandatory escape room training for all staff? Just a thought!