Two police forces, Norfolk and Suffolk, have admitted mishandling the sensitive data of victims, witnesses, and suspects in various criminal cases, including domestic abuse incidents, sexual offenses, assaults, thefts, and hate crimes. The data of 1,230 individuals was included in files shared in response to freedom of information requests.
Both police forces have apologized for the incident and acknowledged that the Information Commissioner’s Office (ICO) has placed them under formal investigation. The investigation could result in fines for the forces. However, there is no evidence that anyone has accessed the files by clicking on the links provided.
This incident is the latest in a series of data mishaps within policing. Recently, the Police Service of Northern Ireland also admitted serious blunders that have left officers fearing for their safety. Cumbria police have also made separate admissions of mishandling data.
Norfolk and Suffolk police released a joint statement acknowledging the breach. They explained that a technical issue had led to raw data, including personal identifiable information of victims, witnesses, and suspects, being included in the files produced in response to freedom of information requests. This data should not have been included since it related to a specific police system and various criminal offenses.
A total of 1,230 people have been affected by the breach, and the police have committed to contacting them by September. A specialist team has been assigned to address the data blunder and its consequences. The forces have made efforts to determine if the data has been accessed by anyone outside the police but have found no evidence of unauthorized access at this point.
The police forces have expressed their apologies for the incident and reassured the public that they continuously review procedures to ensure the proper protection of data under their control. The ICO has emphasized the importance of robust measures to protect personal information, especially when dealing with sensitive data. They are currently investigating this breach, as well as a separate breach reported in November 2022, and will continue to support organizations in securing data protection.