The Police Service of Northern Ireland (PSNI) has issued a public apology after it accidentally published the personal and employment details of more than 10,000 officers and staff online. The data breach happened when the PSNI responded to a Freedom of Information request seeking the number of officers and staff of all ranks and grades across the organisation. In the published response, a table was embedded that contained the rank and grade data, but also included detailed information that attached the surname, initial, location and departments for all PSNI employees. The data was potentially visible to the public for between two-and-a-half to three hours before it was removed.
The PSNI said it was a “human error” and that it had launched an urgent investigation to establish the level of risk to its personnel. The UK Information Commissioner’s Office (ICO) has also been notified and is conducting its own inquiry. The PSNI said it was contacting all the affected individuals to inform them of the incident and to offer them support and advice.
The data breach has sparked fears that the release could jeopardise the security of police officers in Northern Ireland, who are under constant threat from dissident republican terrorists. The current assessed level of threat in the region is severe, meaning an attack is highly likely. Earlier this year, Chief Constable Simon Byrne said he received briefings almost every day about plots to attack and kill his officers. In February, senior detective John Caldwell was seriously injured when he was shot by gunmen at a sports complex in Co Tyrone.
Police Federation expresses shock and anger over data breach
The Police Federation for Northern Ireland (PFNI), which represents rank and file officers, said it was “shocked, dismayed and angry” over the data breach. The PFNI chairman, Liam Kelly, said he had been “inundated” with messages from officers who were concerned about their safety and privacy. He said some officers had moved out of their homes overnight or had not told their friends or family that they worked for the PSNI.
“Our officers go to great lengths to protect their identities. Some of them don’t even tell their close friends and associates that they are actually in the police,” he said. He added that the data breach was a “breach of monumental proportions” and that the officers wanted action to ensure that it never happened again.
He also criticised the PSNI leadership for not being transparent and accountable about the incident. He said he had not received any official communication from the PSNI until late on Tuesday night, hours after the media had reported on the data breach. He said he had requested an urgent meeting with the Chief Constable, who is understood to be on holiday, but had not received a reply.
Policing Board to hold special meeting to discuss data breach
The Northern Ireland Policing Board (NIPB), which oversees the performance and governance of the PSNI, said it was “deeply concerned” about the data breach and that it would hold a special meeting on Thursday to discuss the matter with the PSNI senior team. The NIPB chairwoman, Anne Connolly, said she had spoken to the Deputy Chief Constable, Mark Hamilton, who had assured her that a full investigation was under way and that steps were being taken to mitigate the risk to officers and staff.
She said the NIPB would seek assurances from the PSNI that appropriate measures were in place to prevent such an incident from happening again and that lessons were learned from this “serious error”. She also expressed sympathy and support for all those affected by the data breach.
“The Board recognises that this is an extremely worrying time for all those whose personal details have been compromised and for their families,” she said. “The Board will do all it can to support them through this difficult period.”