Review finds institutional data failings at Northern Ireland police

'Most significant data breach in the history of UK policing' was result of widespread organisational failures

Northern Ireland's difficult history of religious clashes makes the data breach all the more worrying for staff

Image:
Northern Ireland's difficult history of religious clashes makes the data breach all the more worrying for staff

A data breach at Police Service Northern Ireland, which exposed nearly 10,000 staff's personal details online, has been blamed on a force-wide lack of prioritisation for data security.

A report from National Police Chiefs' Council found that the breach, which occurred in August, was more than the result of simple human error: six separate people missed the mistake before the data was shared as part of a Freedom of Information request.

The information included the last names, initials, ranks or positions, work locations and departments of all PSNI personnel. It quickly ended up in the hands of dissident Republicans, one of whom was arrested days later.

The investigation found that this information, which should have been removed from the shared file, was instead left attached behind a hidden tab.

The mistake was not the result of a "single isolated decision, act, or incident by any one person, team, or department." Instead, the report authors write, "it was a consequence of many factors, and fundamentally a result of PSNI as an organisation not seizing opportunities to better and more proactively secure and protect its data, to identify and prevent risk earlier on, or to do so in an agile and modern way."

The report went on to blame PSNI executives for failing to prioritise data, information and cybersecurity at a strategic level, and for failing to institute a force-wide data strategy.

PSNI's chief constable Jon Boutcher, who took over from Simon Byrne when he resigned following the breach, called the report "a damning indictment" and "a wake-up call for every police force in the country."

Boutcher said no PSNI employees had been dismissed as a result of the breach, including the six individuals responsible for processing the original request.

"They're at the heart of putting things right," he said. "We're human beings, not robots.

"This is an organisational failure, an accumulation of issues."

Although nobody has lost their job, at least one officer has resigned from PSNI as a result. Around 50 others are off sick with stress, according to The Telegraph, and some are worried about visiting their places of worship. Some have even considered changing their names.

Around 4,000 staff are said to be considering a civil claim against PSNI, which could cost as much as £37 million.