PSNI fined £750k over data breach
The Police Service of Northern Ireland (PSNI) has been slapped with a £750,000 fine over its unprecedented data breach last year.
The force inadvertently published the names, roles and other personal details of all serving police officers and civilian staff on its website just over a year ago.
The Information Commissioner’s Office (ICO) today confirmed the £750,000 fine proposed in its provisional decision announced in May, though it will not now impose an enforcement notice.
The fine was significantly reduced as a result of the ICO’s new public sector approach. If this had not been applied, the fine would have been £5.6 million.
John Edwards, UK information commissioner said: “I cannot think of a clearer example to prove how critical it is to keep personal information safe.
“It is impossible to imagine the fear and uncertainty this breach — which should never have happened — caused PSNI officers and staff.
“A lack of simple internal administration procedures resulted in the personal details of an entire workforce — many of whom had made great sacrifices to conceal their employment — being exposed.
“Whilst I am aware of the financial pressures facing PSNI, my role as commissioner is to take action to protect people’s information rights and this includes issuing proportionate, dissuasive fines. I am satisfied, with the application of the public sector approach, this has been achieved in this case.
“Let this be a lesson learned for all organisations. Check, challenge and change your disclosure procedures to ensure you protect people’s personal information.”
PSNI chief constable Jon Boutcher said: “Today’s confirmation that the ICO has imposed a £750,000 fine on the Police Service of Northern Ireland is regrettable, especially given the financial constraints we are currently facing.
“This fine will further compound the pressures the service is facing. Although the majority of the cost — £610,000 — was accounted for against the budget last year, a further £140,000 will now be charged against our budget in the current financial year.”
He added: “Following the ICO’s announcement in May that they intended to impose a fine and issue an enforcement notice we made representations regarding the level of the fine and the requirements in their enforcement notice.
“While we are extremely disappointed the ICO have not reduced the level of the fine we are pleased that they have taken the decision not to issue an enforcement notice.
“That decision is as a direct result of the police service proving to the ICO that we had implemented the changes recommended to improve the security of personal information in particular when responding to FOI requests.”
Separate civil proceedings against the PSNI in relation to the data breach were recently adjourned by the High Court to allow for mediation.