Norfolk and Suffolk Police forces announced Tuesday that the personal data of 1,230 people was leaked between April 2021 and March 2022. The data breach included personal identifiable information on victims, witnesses and suspects, as well as details of offences. These included instances of assault, sexual offences, domestic incidents and hate crimes.
A statement issued by Norfolk and Suffolk police revealed the data leaked due to a technical issue when responding to Freedom of Information requests for crime statistics, leading to raw data being included within the files produced for the requests. The forces apologised for the mistake, stating, “we sincerely regret any concern it may have caused the people of Norfolk and Suffolk” due to the sensitive nature of the information. Those affected will be notified via letter, phone or face-to-face contact about the impact of the leak.
While the force claims the data was not “accessed by anyone outside policing,” the Information Commissioner’s Office (ICO) confirmed both forces are now under investigation. ICO Deputy Commissioner Stephen Bonner highlighted that such breaches can pose serious risks to those concerned:
The potential impact of a breach like this reminds us that data protection is about the people. It’s too soon to say what our investigation will find, but this breach – and all breaches – highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.
Bonner ensured that the ICO will continue to enforce data protection standards “so that people feel confident that their information is secure.” However, the data leak is the second to occur in a week, following shortly after information was mistakenly leaked by the Police Service of Northern Ireland (PSNI). These events have led to criticism of the force’s actions from some groups, including the Women’s Equality Party, which questioned, “[h]ow can anyone be expected to trust the police with our sensitive data.” Additionally, STOPCOMMONPASS criticized the forces’ response to the leak stating, “[i]t’s completely unacceptable that the leak wasn’t brought to light earlier. They could have, but didn’t. Not good enough.”
The ICO continues to investigate this incident, and a separate breach reported in November 2022. The investigation could result in fines for those responsible.