Data Breach – lessons learned continued

How does a Law Enforcement Agency (LEA) protect its employees from harm?  Amongst numerous activities and items, it provides secure premises, work procedures and protects information on its personnel. There is a high expectation from employees and society that the huge amount of data collected, held and processed by LEAs will be done so legally and securely. The review of the data breach identified many issues, the high level ones being processes and policies within an organisation, organisational structure, governance and accountability.  It also highlighted how important the culture within an organisation is in relation to data, how important employing and developing talent and skills is towards current and new data use.  It would appear that many UK LEAs still have much development and improvement in data and information management to enable and protect in a rapidly evolving technological area.  Data and security are everyone’s business and need to be managed and nurtured in the same way as people and financial resources. The importance of user friendly policies, processes and systems was emphasized. The driver should be users rather than tech providers, as can be demonstrated in many EU funded projects, with the tech providers trying to elicit the requirements from LEAs to enable wanted and needed solutions.  Privacy by design with effective internal and external security, access controls and  audit mechanisms need to in place.  This short article has highlighted some of the key learning from the recent review following a major data breach.  The full review can be found at https://www.nipolicingboard.org.uk/files/nipolicingboard/2023-12/review-of-the-psni-data-breach-8-august-2023.pdf.

Author (s): Graham Kissock