Recent incidents highlight a pattern of data breaches in police departments.
Two leading police forces in England, Norfolk and Suffolk, have publicly acknowledged mishandling sensitive data. This breach affected 1,230 individuals, including victims, witnesses, and suspects related to cases ranging from domestic abuse and sexual offences to assaults, thefts, and hate crimes.
These revelations came after the forces discovered that the data was inadvertently included in files during responses to Freedom of Information (FoI) requests between April 2021 and March 2022. While the data remained hidden within the files and there’s no current evidence indicating unauthorized access, it underscores the critical importance of data protection and privacy.
The Information Commissioner’s Office (ICO) has since initiated a formal investigation into the incident. Both forces could face penalties depending on the investigation’s outcome.
In a joint statement, the police departments clarified, “The data included personal identifiable information relating to a variety of offences. We have begun the process of notifying the affected individuals.” They also emphasised that they found no evidence suggesting any outsider had accessed the released data.
This mishap is the latest in a series of data breaches involving police departments. Last week, the Police Service of Northern Ireland admitted to a significant data leak, causing much distress among the officers. Similarly, Cumbria police also reported a data-related incident.
Addressing the situation, Eamonn Bridger, the temporary assistant chief constable for both Norfolk and Suffolk, expressed sincere regrets. “We deeply apologise for this oversight and the potential distress it may cause our citizens,” he commented, assuring that they are constantly reviewing procedures concerning FoI requests to bolster data protection.
Stephen Bonner, ICO’s deputy commissioner, emphasised the gravity of such breaches, especially when they concern sensitive data. “While our investigation is ongoing, this incident highlights the need for rigorous measures to safeguard personal information,” he noted.
The incident has resulted in a specialized team’s diversion from their regular duties to address the data mishap and its subsequent implications. The affected individuals will be contacted by the end of September.
This series of data blunders raises pertinent questions about data protection measures in place and underscores the importance of robust systems to safeguard sensitive information.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.