Norfolk and Suffolk Police have acknowledged a significant data breach that compromised the personal information of 1,230 individuals, including victims of crime and witnesses. This incident unfolded when their responses to Freedom of Information (FOI) requests inadvertently included sensitive details about these individuals.
The police forces issued a joint statement describing the incident as involving "a very small percentage" of FOI requests that were handled between April 2021 and March 2022. The compromise included raw data attached to crime reports along with identifiable information about the victims, witnesses, and suspects, detailing numerous offences.
"a very small percentage"
The constabularies explained, "It related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime." While the confidential data was not overtly visible in the files provided, they recognized that it "should not have been included" and emphasized that accessing this information required specific knowledge.
" While the confidential data was not overtly visible in the files provided, they recognized that it "
Currently, efforts are underway to notify all affected individuals. Police officials stated that they will contact each person through mail, telephone, or face-to-face meetings, depending on the severity of the breach. As part of this notification, individuals will receive crucial information about the specific data that was compromised and guidance on available support services.
In light of this breach, Eamonn Bridger, Assistant Chief Constable of Suffolk Police, issued an apology, remarking, "Procedures for handling FOI requests made to the constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected."
The Information Commissioner’s Office (ICO) is now investigating this breach, as well as another incident reported by the police in November of the previous year. Dame Vera Baird, who previously served as the victims’ commissioner, expressed her alarm at the breach, calling it "appalling" and "shocking."
"appalling"
Looking Ahead
Baird elaborated, “There are people who know how to access data once it’s out there, so the risk is obvious. We don’t know if it is the worst-case scenario – we hope it won’t be – but it’s a tremble to public confidence.” She highlighted the serious implications for victims and witnesses who may now fear for their safety or be deterred from coming forward in future cases, stating, "Victims and witnesses are entitled to anonymity, so confidence is being breached."
This data breach becomes even more concerning when considered alongside a recent significant leak involving the Police Service of Northern Ireland (PSNI), where personal details of all its officers were mistakenly disclosed. Chris Todd, Deputy Chief Constable of PSNI, confirmed that the leak included names, ranks, and other personal data of current employees.
In his remarks, Todd stated that news of the data breach is "the last thing that anybody in the organization wants to be hearing," especially given the extensive terrorist threats facing police officers. PSNI Chief Constable Simon Byrne expressed apprehensions that the leaked data might be in the hands of dissident republican groups.
"the last thing that anybody in the organization wants to be hearing,"
The fallout from these incidents highlights a growing concern regarding the privacy and security of sensitive information held by law enforcement agencies. Dame Vera Baird's worry echoes the fears of many regarding the repercussions these breaches may have on ongoing cases and the willingness of individuals to come forward as victims or witnesses.
As both police forces navigate the implications of this breach, the long-term effects on public confidence in their ability to protect citizens’ information remain to be seen. The ICO's ongoing investigation may lead to further scrutiny and potential policy changes aimed at strengthening data protection practices within law enforcement agencies.
