ICO Proposes £750,000 Fine Against PSNI Over Workforce Data Breach

The UK's Information Commissioner's Office (ICO) has recently announced its intention to fine the Police Service of Northern Ireland (PSNI) £750,000 for failing to protect the personal information of its entire workforce.

The proposed fine stems from an incident where the PSNI inadvertently published online a spreadsheet containing the surnames, initials, ranks and roles of all 9,483 serving officers and staff. This sensitive data was included in a hidden tab of the spreadsheet released in response to a freedom of information request.

"Perfect Storm" of Risk and HarmIn announcing the provisional fine, Information Commissioner John Edwards described it as a "perfect storm of risk and harm" that highlighted the serious human impacts of poor data security practices.

The ICO's investigation found the PSNI's internal procedures and approval processes for safely disclosing information were inadequate. Edwards noted many "harrowing stories" from those affected, including officers having to move homes, cut off family, and alter routines due to tangible fears for their safety.

"Simple policies" could have prevented the breach, Edwards stated, once again urging all organizations to review and enhance disclosure procedures to protect entrusted personal data.

Public Interest Considerations

In setting the £750,000 provisional fine, the ICO applied its "public sector approach" which uses discretionary factors to prevent fines from diverting funds away from essential public services. Had this approach not been used, the PSNI could have faced a potential £5.6 million fine for the data breach, highlighting the seriousness of the failure.

The PSNI has also been issued a preliminary enforcement notice, requiring it to improve personal data security when responding to freedom of information requests. The case underscores the significant consequences data breaches can have, especially for public authorities handling sensitive information about employees in high-risk roles.
