Details have emerged of a significant data breach at Norfolk and Suffolk Police, resulting in the personal data of 1,230 individuals mistakenly being included in freedom of information (FOI) responses issued between April 2021 and March 2022. The breach was caused by a technical issue in which certain raw data was mistakenly included in the files produced in response to the FOI requests. The impacted data contained personal information on victims, witnesses, and suspects, as well as descriptions of offences related to various crimes such as domestic incidents, sexual offences, assaults, thefts, and hate crimes. A thorough analysis of the data breach has been completed, and the constabularies have initiated the process of contacting individuals who need to be notified of the impact on their personal data by the end of September.
In a statement from the Information Commissioner's Office (ICO), Deputy Commissioner Stephen Bonner said, "We are currently investigating this breach and a separate breach reported to us in November 2022." Concerning the significance of a data breach like this, Bonner said, "This reminds us that data protection is about people. It’s too soon to say what our investigation will find, but this breach – and all breaches - highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive."
Meanwhile, BBC News reports that the accidental release has caused concern among charities and experts alike. Fiona Ellis, the chief executive of Survivors in Transition, a charity that supports sexual abuse victims, has stated that changes need to be made in order to prevent similar incidents from occurring in the future. While Ms Ellis is reassured the police have recognised the severity of the situation and are taking steps to improve their policies and procedures, she emphasised the importance of supporting and reassuring victims and witnesses during this time. Dame Vera Baird, the former Victims' Commissioner for England and Wales, also expressed her concern, particularly for victims who should have lifelong anonymity under the law.
In a separate article, Chief Constable Paul Sanford of Norfolk Constabulary confirmed that the personal information of 858 victims and witnesses from his force were among the data attached to freedom of information request responses involved in the breach. Chief Constable Sanford acknowledged that the breach should not have happened and that steps have been taken to prevent it from occurring in the future. Efforts are also being made to determine whether any unauthorised parties accessed the data, but so far, no evidence has been found.
Jon Baines, Senior Data Protection Specialist at Mischon de Reya, was interviewed on BBC Radio 5 Live to discuss the recent data leaks made by Norfolk and Suffolk police. The conversation focusses on the practice and risks associated with using spreadsheets when responding to a Freedom of Information (FOI) request. * Start listening 1:50.00.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.