Two police forces in England, Norfolk and Suffolk, have revealed a serious mishandling of sensitive personal data belonging to victims, witnesses, and suspects involved in a range of criminal cases, including domestic abuse, sexual offenses, assaults, thefts, and hate crimes.
Furthermore, the breach occurred as the data of 1,230 individuals was inadvertently included in files that were part of responses to freedom of information requests. The forces have issued apologies and are now under formal investigation by the Information Commissioner’s Office, which could lead to potential fines. This incident highlights yet another data mismanagement case in law enforcement, following recent admissions of blunders by other police departments.
The breach stemmed from a technical issue within the Norfolk and Suffolk constabularies, where raw data related to crime reports, including personal identifiable information and descriptions of offenses, was included within files produced as a response to freedom of information requests. Although the data was not visible when opening the files, it should not have been included in the first place.
As a result of this breach, a specialist team of officers and staff has been assigned to address the situation and its consequences. Both forces have made rigorous efforts to ascertain whether the released data had been accessed externally, with no evidence indicating such unauthorized access at this point.
Eamonn Bridger, a temporary assistant chief constable representing both Norfolk and Suffolk forces, expressed apologies for the incident and reassured the public that procedures for handling freedom of information requests are continually reviewed to ensure data protection.
Stephen Bonner, a deputy commissioner at the ICO, emphasized the importance of robust measures for safeguarding sensitive personal information, particularly in cases involving such sensitive data. The ongoing investigation will delve further into this breach and its potential consequences, as the focus remains on ensuring data protection and instilling confidence in individuals regarding the security of their information.