Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

PSNI fined more than €900,000 over staff data breach

The Police Service of Northern Ireland (PSNI) has been fined almost €1 million for last year’s major data leak in which the personal and employment data of 10,000 police officers and staff was published online.
Fining the PSNI £750,000 (€900,150), the UK Information Commissioner said the fine would have been £5.6 million (€6.72 million) but, not wishing to divert public money and given the force’s current financial position, he had used his discretion to limit the financial penalty.
John Edwards found simple procedures could have prevented the data leak and said he “cannot think of a clearer example to prove how critical it is to keep personal information safe”.
In August 2023 the PSNI mistakenly released the surname, first initial and employment details – including where they work and their department – of every serving police officer and civilian member of staff alongside a response to a Freedom of Information (FoI) request, which was then published online.
The information was subsequently obtained by dissident republicans, and left some police officers and civilian staff, particularly those from a Catholic background, afraid for their safety.
One individual told the investigation carried out by the Information Commissioner’s Office (ICO) they felt they had no choice but to take another job outside of the police. “I am essentially taking a pay cut, not to mention leaving the job that I dreamed of since I was a small child, and geared my whole life towards.”
Another said they had “gone to great trouble to ensure that I remained invisible, with no social media presence, removal from the electoral roll, 192.com, never revealing my job to others and lying about where I work whenever asked. I have trouble sleeping, my children… are all stressed about my welfare, some of them have told me they have nightmares about me getting attacked.”
Mr Edwards said it was “impossible to imagine the fear and uncertainty this breach – which should never have happened – caused PSNI officers and staff. A lack of simple internal administration procedures resulted in the personal details of an entire workforce – many of whom had made great sacrifices to conceal their employment – being exposed.”
Deputy chief constable Chris Todd said the fine was “regrettable, especially given the financial constraints we are facing”.
He said the PSNI “as a service [was] in a different place today than we were last August, and we have continued to work tirelessly to devalue the compromised data set by introducing a number of measures for officers and staff”.

en_USEnglish