PFNI says data breach fine underlines ‘dangerous failings’

PFNI says data breach fine underlines ‘dangerous failings’

26 days ago Members News

The Police Federation for Northern Ireland (PFNI) has welcomed the Information Commissioner’s Office provisional findings report into the unprecedented PSNI data breach.

PFNI Chair, Liam Kelly said: “The provisional fine of £5.6 million reflects the gravity of the breach which exposed the surname, initials, rank and role of all officers and staff. The Commissioner has decided to use his public sector approach discretion to reduce this to potentially £750,000.

“The ICO has clearly considered the parlous state of the PSNI which once again faces massive under-funding. In the context of what penalty could have been applied, I have to say the PSNI got off lightly and I welcome that fact.

“However, I’m sure that £750,000 could have been put to better use within the workplace and supporting local community projects. I support the PSNI in making this case before the ICO finalises its decision.

“The ICO has confirmed there were dangerous failings to protect personal information and a shocking absence of protocols for the safe disclosure of information.

“The Commissioner acknowledges the ‘many harrowing stories’ investigators heard about the impact of ‘this avoidable error’. Pointing up situations where people felt they had to move house, cut off ties with family members and completely alter daily routines underline the seriousness of what happened.

“There was, as the ICO says, ‘tangible fear of threat to life’ and it’s clear from this damning report that there was no holding back or minimising what officers and staff were confronted with as a result of personal information reaching the public domain.

“A preliminary enforcement notice has also been issued by the ICO. Thankfully, as a result of the external review process following the data breach, the principal issues have already been identified and PSNI has either completed or made solid progress in concluding the remedial work required in relation to its systems and processes.

“This kind of egregious error can never be allowed to happen again and that must mean the organisation ensures watertight data defences are in place and that they operate the most stringent possible processes and protocols in the future.”

Trending Articles