---

£750,000 fine for PSNI over data breach

Britain’s Information Commissioner’s Office (ICO) has fined the Police Service of Northern Ireland (PSNI) Stg £750,000 for a data breach last year in which the names, work locations, and roles of its employees were published in error.

The ICO said that the breach had exposed the personal information of the PSNI’s entire workforce, leaving many fearing for their safety.

The office’s investigation found that “simple-to-implement” procedures could have prevented the breach, in which hidden data on a spreadsheet released as part of a freedom-of-information request revealed the surnames, initials, ranks, and roles of all 9,483 PSNI officers and staff.

Discretion

It said that the fine would have been £5.6 million, if the Information Commissioner John Edwards had not used his discretion to apply a public-sector approach.

The ICO said that the fine had taken into account the current financial position at the PSNI, as well as a desire not to divert public money from where it is needed.

“It is impossible to imagine the fear and uncertainty this breach – which should never have happened – caused PSNI officers and staff,” said Edwards.

‘Regrettable’

“A lack of simple internal administration procedures resulted in the personal details of an entire workforce – many of whom had made great sacrifices to conceal their employment – being exposed,” he added.

Jon Boutcher (Chief Constable, PSNI) described the imposition of the fine as “regrettable, especially due to the financial constraints we are currently facing”.

He added that the service had proved to the ICO that it had implemented the changes recommended to improve the security of personal information, in particular when responding to FOI requests.