An official review of the Police Service of Northern Ireland's August data breach has revealed the full extent of the impact on staff.
The review lays bare the broad impact on staff in Northern Ireland, detailing how various officers have been forced to relocate out of fear for their safety.
Staff safety was one of the primary concerns when the breach was first disclosed, given that the identities of every serving PSNI officer were leaked online for more than two hours.
The Northern Irish police force considers itself particularly vulnerable to disclosure issues, and usually identities of its police officers are closely guarded due to the ethno-nationalist conflict that has raged on the island of Ireland for decades.
At the time of the data breach disclosure, the PSNI said no staff members were being relocated, but the review revealed that one officer decided to relocate themselves and their family out of concern for their safety.
The following months saw an undisclosed number of officers also decide to relocate for the same reason.
Staff well-being services are currently stretched with the number of officers seeking support as a result of a force-wide decline in mental health.
A number of officers also reportedly sought PSNI support with name changes but were told this was an unnecessary step.
A single resignation was issued in relation to the breach, though it's not understood if this references the resignation of former police chief Simon Byrne or another officer.
The review highlighted that despite the significant impact the incident has had on the force, staff responses to it were varied.
More than 4,000 staff members contacted the threat assessment group assembled by the PSNI for support and information.
A similar number are thought to be part of a complaint issued to the Information Commissioner's Office and a civil case against the force.
Operational impact on the PSNI is also thought to be significant, with costs expected to be in the region of £24-37 million - a sum the PSNI could not afford due to other financial constraints.
The review highlighted a litany of issues surrounding the force's approach to data protection and the Northern Ireland Police Board's role in holding the PSNI's chief constable to account for the delivery of its services.
A number of audits have been ordered to investigate information security and data protection controls, but some have been delayed or canceled, and the scope of the audits has been limited.
Those that have taken place have found adequate assurances in these areas, though the ICO's audit, carried out separately, suggested there was a lack of oversight within the organization as regards data protection.
Another UK public sector data blab, this time info of pregnant women, cancer patients Home of the world's longest pleasure pier joins public sector leak club Irish cops data debacle exposes half a million motorist records Northern Ireland's top cop quits after security breach, disciplinary controversy.
DPIAs were highlighted by the ICO as an area in need of attention, especially given the police's arsenal of intrusive tools, such as automatic number plate recognition, bulk and sensitive information sharing, facial recognition, internet search tools, and algorithmic risk assessment tools.
Among the various recommendations made to the PSNI to improve its data protection, the embedding of DPIAs within projects was highlighted as a key measure that must be taken.
The Data Protection Act 2018 also mandated the creation of a data protection officer within organizations, but the establishment of this role within the PSNI has been delayed through periods of having an interim DPO and no DPO at all.
This Cyber News was published on go.theregister.com. Publication date: Tue, 12 Dec 2023 14:13:10 +0000