Norfolk and Suffolk Police data breach: Personal data of 1,230 people exposed
Names addresses and dates of birth attached to replies to FOI requests
The police departments of Norfolk and Suffolk in England have admitted mishandling confidential information related to victims, witnesses, and suspects in cases encompassing various offences such as sexual crimes, domestic abuse incidents, thefts, assaults and hate crimes.
In a joint statement, the Norfolk and Suffolk police forces said that a "technical issue" resulted in data being included within files generated in response to Freedom of Information (FOI) requests concerning crime statistics.
They stated that the information was attached to 18 replies provided in response to FOI requests issued by the police forces between April 2021 and March 2022.
The responses to the FOI requests were sent to recipients that included journalists and researchers.
The data affected included names, addresses, and dates of birth.
The police forces asserted that the information was hidden from anyone accessing the files. Nevertheless, they admitted that the including the information in FOI responses was inappropriate.
They said that they had discovered no evidence to imply that the information had been viewed by individuals "outside of policing".
"The data impacted was information held on a specific police system and related to crime reports. The data includes personal identifiable information on victims, witnesses, and suspects, as well as descriptions of offences. It related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime," the police forces said.
Eamonn Bridger, the temporary assistant chief constable of Suffolk Police, who led the investigation, said that upon becoming aware of the breach, they promptly implemented measures to respond and eliminate the data from public access.
"The management of information is a complex area of policing, especially when we're talking about huge volumes of data... occasionally things can go wrong," Bridger said.
"I recognise the seriousness of this incident and take the opportunity to apologise that this data breach has occurred," he added.
"I deeply regret any concern that it has caused to any member of the public."
The affected individuals are expected to receive communication via letters, phone calls, or direct interactions.
Officers expect that this process to be concluded by the end of September.
The Information Commissioner's Office (ICO) has initiated a formal investigation into the data breach, a process that might lead to potential fines.
"The potential impact of a breach like this reminds us that data protection is about people," Stephen Bonner, deputy commissioner at the ICO, said.
"It's too soon to say what our investigation will find, but this breach - and all breaches - highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive."
The data breach at Norfolk and Suffolk Police forces is the latest example of data mishandling within the realm of policing.
Last week, the Police Service of Northern Ireland (PSNI) and Cumbria police acknowledged errors.
PSNI issued an apology for an inadvertent breach where they published the surnames, initials, ranks or grades, work locations, and departments of all PSNI personnel in response to an FOI request.
PSNI attributed the breach to human error.
Additionally, Cumbria Police acknowledged a data breach that led to the online exposure of names and salaries for their entire workforce. This incident affected a total of 1,304 police officers, 756 staff members, and 52 police community support officers.