Sensitive Data Breach: Norfolk and Suffolk Police Under Investigation for Mishandling

In a concerning turn of events, Norfolk and Suffolk police have acknowledged mishandling the sensitive data of individuals involved in various criminal cases, ranging from domestic abuse incidents to hate crimes. This breach has raised serious questions about data protection protocols within law enforcement agencies and has prompted an investigation by the Information Commissioner’s Office (ICO), potentially leading to fines for the implicated forces.

The data breach came to light as a result of freedom of information (FoI) requests, with both Norfolk and Suffolk police forces conceding that the personal information of 1,230 individuals was mistakenly included in files provided in response to these requests. The compromised data pertains to victims, witnesses, and suspects involved in crimes such as sexual offences, assaults, thefts, and hate crimes.

The breach encompassed information from April 2021 to March 2022 and impacted files that were produced as a response to FoI requests for crime statistics. Although the data was concealed within the files, the fact that it was included at all constitutes a grave error in data handling.

According to a joint statement issued by both forces, “A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FoI requests in question. The data was hidden from anyone opening the files, but it should not have been included.”

The compromised data contained personally identifiable information, descriptions of offences, and other sensitive details. It encompassed a broad spectrum of criminal incidents, from domestic incidents to hate crimes, underlining the gravity of the breach.In response to this breach, both police forces have apologized and assured that no evidence exists suggesting that anyone outside of law enforcement accessed the exposed data. However, as a precautionary measure, a dedicated team of officers and staff have been reassigned to manage the aftermath of this incident.

Eamonn Bridger, a temporary assistant chief constable speaking on behalf of both forces, expressed regret and emphasized their commitment to data protection: “We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk… procedures for handling FoI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected.”

Stephen Bonner, a deputy Commissioner at the ICO, underscored the significance of robust data protection measures and the potential impact of breaches: “This breach – and all breaches – highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.” The ICO’s ongoing investigation will delve into the circumstances of the breach and evaluate the forces’ data protection practices.

As law enforcement agencies face mounting pressure to safeguard sensitive information, this incident serves as a stark reminder of the importance of rigorous data handling protocols and continuous vigilance in an increasingly digital age.

Leave a Reply