The UK’s Norfolk and Suffolk police constabularies have disclosed the accidental exposure of personal data belonging to more than 1000 individuals, including victims of crime. The agencies said they identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.
A technical issue led to some raw data belonging to the constabularies being included within the files produced in response to the FOI requests in question. The data was hidden from anyone opening the files, but it should not have been included, an official statement read.
The disclosure came just a few days after the Police Service of Northern Ireland (PSNI) admitted to suffering two separate data breaches. The first centred on the exposure of information on serving police officers and civilians in response to an FOI request from a member of the public relating to officer rank and staff grades. An error led to the sharing of a large Excel spreadsheet containing the surnames and initials of current employees alongside the location and department within which they work.
The second involved the theft of documents including a spreadsheet containing the names of more than 200 serving police officers and staff from a “private vehicle” in the Newtownabbey area in Northern Ireland.
The affected data in the Norfolk and Suffolk police cases was information held on a specific police system and related to crime reports, the statement read. The data includes personally identifiable information on victims, witnesses, and suspects, as well as descriptions of offences. It related to a range of offences, including domestic incidents, sexual offences, assaults, thefts, and hate crimes.
“A full and thorough analysis into the data impacted has now been completed and today, we have started the process of contacting those individuals who need to be notified about an impact to their personal data,” the statement continued. This will be done via letter, phone, and in some cases face to face depending on what information was impacted and what support is required. This process is expected to be complete by the end of September with a total of 1,230 people whose data has been breached to be notified.