In August 2023, Norfolk and Suffolk police forces in the UK revealed a significant data breach that exposed the personal information of 1,230 individuals, including victims of crime and witnesses. The breach occurred due to a technical issue in Freedom of Information (FOI) responses issued between April 2021 and March 2022. The police have apologized and are notifying affected individuals.
Details of the Breach
The breach involved the accidental inclusion of raw crime report data in a small percentage of FOI responses. This data, which was hidden from anyone opening the files, should not have been included. It contained personally identifiable information on victims, witnesses, and suspects, as well as descriptions of offences, including sexual and domestic assaults.
Response and Impact
Both Norfolk and Suffolk police forces have expressed deep regret over the incident. They have initiated a process to contact all affected individuals by letter, phone, or in person by the end of September. The forces have also referred the matter to the Information Commissioner’s Office (ICO) for independent review.
Broader Context of Data Breaches in UK Policing
This incident is part of a series of data breaches within UK police forces. For instance, in August 2023, the Police Service of Northern Ireland (PSNI) suffered a major data breach when personal information of approximately 9,500 police officers and staff was accidentally published online in response to a FOI request. The disclosed data included surnames, initials, ranks, work locations, and departments for all PSNI employees.
Similarly, in March 2023, Cumbria Police admitted to a data breach where the names and salaries of every officer and staff member were accidentally published online. The force attributed the breach to human error and stated that there was no risk to individual personnel.
These incidents highlight the ongoing challenges UK police forces face in safeguarding sensitive personal data. The breaches have raised concerns about data protection practices and the potential risks to individuals whose information is compromised.
Conclusion
The recent data breach by Norfolk and Suffolk police forces underscores the critical importance of robust data protection measures within law enforcement agencies. As these incidents continue to unfold, they serve as a stark reminder of the need for vigilance and accountability in handling sensitive personal information.
References
-
“Norfolk and Suffolk police: Victims and witnesses hit by data breach,” BBC News, August 15, 2023. (bbc.com)
-
“UK police data breach leaks personal information of 1,230 people,” JURIST, August 15, 2023. (jurist.org)
-
“Northern Ireland police data breach blamed on outdated practices,” The Guardian, December 11, 2023. (theguardian.com)
-
“Cumbria police admit huge breach of data of officers and staff,” The Guardian, August 11, 2023. (theguardian.com)
The trend of UK police data breaches raises serious concerns about FOI request handling and data security protocols. What steps can be taken to ensure compliance and prevent accidental data inclusion, particularly given the sensitive nature of police records?