The Police Ombudsman for Northern Ireland (PONI) has issued a formal apology after an accidental data breach exposed personal details of 160 current and former staff members. The incident, which occurred during an ongoing recruitment exercise, involved the inadvertent release of a document containing sensitive information about employees. This document, which was sent to 22 individuals applying for investigator positions, included the last names and initials of staff members, their employment status, and team assignments as of May 2022.
The breach was discovered when the document was mistakenly shared with job applicants, leading to concerns over the security of personal data. Hugh Hume, the chief executive of PONI, promptly informed staff about the breach last Friday. The leaked information detailed not only the names but also the employment status of individuals, including whether they were part-time, agency workers, or seconded staff. The document’s release was described as “inadvertent” and was not intended for public distribution.
PONI has contacted the Information Commissioner’s Office (ICO) to report the breach and has taken immediate steps to address the situation. This includes reaching out to the recipients of the document to confirm the deletion of the email and any associated files. So far, 12 of the 22 recipients have confirmed that they have deleted the sensitive information. The ombudsman’s office is also contacting former staff members affected by the breach and has committed to appointing an independent external investigator to review the incident and recommend measures to prevent future occurrences.
This breach is not the first data security issue faced by Northern Ireland’s public sector. In recent years, similar incidents have affected other organizations, including the Police Service of Northern Ireland (PSNI), which experienced a significant data exposure in a separate case. The current situation highlights the ongoing challenges in safeguarding sensitive information and the importance of robust data protection practices in public sector institutions.
Reference:
