The Police Service of Northern Ireland (PSNI) is facing a large proposed fine of £750,000 from UK data authorities stemming from a serious data breach that occurred last year. The PSNI data breach compromised the personal information of every policing and civilian employee, totaling over 9,400 individuals.
PSNI Data Breach – “A Perfect Storm of Risk and Harm”
In May 2022, the UK Information Commissioner’s Office announced its provisional findings regarding the incident and proposed penalty. Information Commissioner John Edwards said the PSNI “failed to protect the personal information of its entire workforce.” He described how the “sensitivities in Northern Ireland and the unprecedented nature of this breach created a perfect storm of risk and harm.”
The PSNI data breach reportedly happened when workforce details were published online in response to a Freedom of Information request last summer. Compromised details included full names, ranks, roles, and initials of all officers and staff. The timing and scale of the breach raised grave concerns, as the information ended up in the hands of suspected dissident republicans and other threatening actors.
Edwards highlighted “many harrowing stories” shared about how peoples’ lives were significantly impacted, forcing some to move homes or cut off contact with loved ones due to “tangible fear of threat to life.” Though the proposed fine could have been as high as £5.6 million, Edwards reduced the amount to £750,000 while still aiming to enforce accountability.
An independent review earlier declared the breach was “not the result of a single decision” but stemming from “many factors” and lack of proactive security practices at PSNI. The incident also contributed to the resignation of the former Chief Constable. PSNI now has 28 days to respond to the large proposed fine, stating it cannot presently afford such a penalty amount.
The episode has raised questions around safety, security, and ongoing investigations. Deputy Chief Constable Chris Todd affirmed police are working to identify all those possessing compromised data and link any to criminal behavior. As one of the senior officers noted, the PSNI Data Breach was “avoidable” and left many feeling distressed and anxious for their protection.
