The Police Service of Northern Ireland (PSNI) has failed to have a £750,000 fine reduced over a major data breach last year.
The ICO has confirmed the fine after their investigation found that simple-to-implement procedures could have prevented the serious breach, in which hidden data on a spreadsheet released as part of a freedom of information request revealed the surnames, initials, ranks and roles of all 9,483 PSNI officers and staff. Subsequently there was a working assumption that the file was in the hands of those who may use it to create fear and possibly intimidation.
The ICO said that they were mindful of the current financial position at PSNI and did not wish to divert public money from where it is needed, so the Commissioner used his discretion to apply the public sector approach in this case. Had this not been applied, the fine would have been £5.6 million. You can read the full ruling at https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/10/what-price-privacy-poor-psni-procedures-culminate-in-750k-fine/.
Are your simple-to-implement procedures in place and always used, and are you actively developing a security culture to ensure consistent behaviours to protect personal data?
You can find out more about what you should do by looking at the NCSC Small Charity Guide at https://www.ncsc.gov.uk/collection/charity or booking a free 25-minute call with Nick for some pointers to other resources.