Data Breach – lessons learned

All intelligence has aspects that can be called data.  This can range from locations, numbers, biometrics, names and other personal information.  Both Law Enforcement and criminal organisations rely upon the collection, storage and use of this data for many purposes.  How the various organisations keep the data secure and safe whilst accessible and useful is a major issue.  On the 8th August 2023, the PSNI published the personal information of all its employees on a public website in response to a Freedom of Information request.  This data breach has had a significant impact on the PSNI and confidence in police in the wider community.  It also became known the data became available to violent Irish republican terrorist groups who target police personnel.  The data breach led to several actions, arrests of individuals who had the data and may wish to use it to harm police personnel, an internal review and risk/harm assessment and two external investigations.  The next two articles will be based on the recently published external review that is publically available and will seek to explore lessons learned from this incident and how these could be used for law enforcement learning within the NOTIONES project.

Author (s): Graham Kissock