Information of victims of crime included in UK police FOI responses

Personal data of more than a thousand victims of crime and witnesses is leaked by Norfolk and Suffolk Police in their Freedom of Information responses after ‘technical issue’

  •  The two police forces have apologised for the mistake

The personal information of 1,230 people including victims of crime and witnesses was included in Freedom of Information responses issued by Norfolk and Suffolk Police, the forces said.

In a joint statement, Norfolk and Sussex Police said they had identified a ‘small percentage’ of FOI submissions including personal raw data.

The two police forces stressed that they have begun ‘the process of contacting those individuals who need to be notified about an impact to their personal data.’ 

They also said ‘strenuous efforts had been made to determine if the data released has been accessed by anyone outside of policing’ and had found ‘nothing to suggest that this is the case.’ 

The force’s admission comes after an ‘industrial scale breach of data’ in Northern Ireland last week which saw some details of around 10,000 officers and staff published online for a number of hours.

Norfolk and Sussex Police have issued a joint statement in response to the leak

The Police Service of Northern Ireland (PSNI) chief constable Simon Byrne, addreses reporters last Thursday following a mass data breach

Officers in Northern Ireland’s force fear for their safety after the names of 10,000 staff were leaked in a data breach. Pictured: Members of the PSNI

Yesterday, PSNI Chief Constable Simon Byrne said he is now confident that information on police officers and staff mistakenly released in a major data breach is in the hands of republican dissidents. 

A joint statement reads: ‘Norfolk and Suffolk constabularies have identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.

READ MORE: Another police force admits data breach as names and salaries of all staff are published online following ‘human error’

Fact-box text

‘A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FOI requests in question. The data was hidden from anyone opening the files, but it should not have been included.

‘The data impacted was information held on a specific police system and related to crime reports. 

‘The data includes personal identifiable information on victims, witnesses, and suspects, as well as descriptions of offences. It related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime.

‘A full and thorough analysis into the data impacted has now been completed and today, we have started the process of contacting those individuals who need to be notified about an impact to their personal data. 

‘This will be done via letter, phone, and in some cases, face to face depending on what information was impacted and what support is required. 

‘We expect this process to be complete by the end of September. We will be notifying a total of 1,230 people whose data has been breached.’

Assistant Chief Constable of Suffolk Police, Eamonn Bridger, who led the investigation on behalf of both forces, said: ‘We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk.

‘I would like to reassure the public that procedures for handling FOI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected.’

It follows Cumbria police also admitting a data breach after the names and salaries of all its staff were accidentally published online.

Cumbria Police said that on March 6 it found out information about pay and allowances had been uploaded on its website following a ‘human error’.

Cumbria Police said the impact of the breach was ‘low’, but the force had to contact every person affected.

It said: ‘Cumbria Constabulary became aware of a data breach on Monday March 6 2023 where information about the pay and allowances of every police officer and police staff roles as at March 31 2022 was uploaded to the Constabulary’s website, which was a human error.

‘The pay and allowance data also included names and position, however, it did not contain information about where the posts were deployed from or personal details such as date of birth and address.

‘This information was removed immediately after the breach was identified.

‘Cumbria Constabulary immediately contacted every affected person about the data breach, explaining that the impact of this breach was low and the measures the constabulary had put in place to manage the breach and to prevent it happening again.’

The breach was referred to the Information Commissioner’s Office (ICO), which said no further action was necessary.

Source: Read Full Article