Our specialist lawyers help our clients pursue justice and compensation following data privacy violations. We are committed to advocating for those who have suffered harm – whether financial, physical, or emotional – due to such breaches.
We take what we do seriously and believe that organisations must be held accountable for lapses in data security. But, in our work, we often come across people who downplay the possible ramifications of a data breach. Usually because they simply do not understand the significant damage that a privacy violation can cause.
The recent Northern Irish police data breach highlights the potentially catastrophic consequences of a data protection failure.
What happened in this case?
The breach — which happened in August 2023 – occurred when the force erroneously uploaded the wrong Excel spreadsheet to a Freedom of Information website. The spreadsheet contained the names, bases, units, and duties of about 10,000 officers and civilian staff members. In other words, every single officer and civilian employee in the force.
Those affected included Tactical Support Group members (who often wear balaclavas to conceal their identities), personal protection officers, plain-clothed officers involved in covert operations, and those working with MI5.
In Northern Ireland, police face a “severe” terrorist threat level, meaning an attack is highly likely. As such, many officers go to great lengths to protect their identities, even keeping their roles a secret from relatives and close friends.
There are concerns that the compromised data would be very useful to terrorists and the disclosure could be a “death sentence”. While the force attempted to remove the spreadsheet, news of its publication spread quickly. According to PSNI chief constable, Simon Byrne, the information is believed to be in the hands of dissident republicans. Furthermore, documents from the leak have been posted on a wall near a Sinn Féin office in Belfast.
Speaking to POLITICO, one officer involved in the data breach said: “Terrorists would literally kill for this information, and we gave it away.”
Officers can take legal action against the Police Service of Northern Ireland (PSNI)
The PSNI data leak is a clear and serious breach of data protection regulations. As such, we would encourage anyone affected by the security failure to look at claiming for damages.
Commenting on this case, our Head of Privacy & Data Litigation, Kingsley Hayes said:
“The situation in Northern Ireland is one of the worst mass data breaches I have seen. Officer’s lives could literally be at risk due to a failing in basic data security processes. Unfortunately, while the consequences of this breach could be catastrophic, it’s certainly not a one-off.
“Over the years, we’ve represented many clients who have suffered significant fear and distress after a data protection failure. Including where the loss of personal information has put vulnerable people at risk of violence and physical harm.
“Data breach victims commonly experience high levels of apprehension, and in this case the worry felt by the officers and police staff must be severe. The Northern Ireland police data breach highlights why it is important not to downplay data security failures, and why we must take the impact of such violations seriously.”
We are currently supporting officers in England & Wales to make data protection claims against the Police Federation of England & Wales (PFEW) and Equiniti.
We are also investigating a data breach at Digital ID, which could affect thousands of police officers, including those at the Met and GMP. In total, according to one senior officer, over 20,000 details – including police officers’ names and photos – are “potentially at risk” following this breach.
Our firm is only able to help clients living in England & Wales, so we are not able to run a group action for the PSNI data breach.