On 8th August 2023, it was announced that there had been a Police Service Northern Ireland (PSNI) data breach. The personal data of police officers and staff members was compromised. In this guide, we will take a look at what happened and what data was exposed by the breach.
A data breach is defined as a security incident that can impact the integrity, confidentiality or availability of personal data. This may occur accidentally or deliberately.
Here in the UK, our personal data is protected by the Data Protection Act 2018 in conjunction with the UK General Data Protection Regulation (UK GDPR). These two laws set how personal data should be protected. Additionally, they set the criteria that need to be met in order to be eligible to make a data breach claim. We examine the claiming requirements and look at data breach compensation.
We conclude our guide with a look at how one of our solicitors specialising in data protection claims can offer their services on a No Win No Fee basis.
Our advisors are available 24/7 with fee advice. If you have any questions, you can contact an advisor on the following details:
Select A Section
- What Was The Police Service Northern Ireland (PSNI) Data Breach?
- Who Is Eligible To Claim For A Data Breach?
- What Impact Could The Data Breach Have On PSNI Staff?
- What Could Compensation Payouts For A Data Breach Include?
- Find Out If A Data Breach Solicitor Could Help You
- Further Resources Relating To The PSNI Data Breach And Compensation Claims
It was announced that the PSNI data breach occurred due to a response to a Freedom of Information (FoI) request. A spreadsheet containing personal data was accidentally sent to the website that made the request. It was then published by ‘What Do They Know’ (a website dedicated to FoI requests), where it was available to the public for over two hours.
It later emerged that an earlier data breach potentially compromised the personal data of 200 officers and staff members when a laptop, radio and spreadsheet were stolen. The spreadsheet contained the names of officers and support staff.
What Information Was Compromised In The PSNI Data Breach?
The PSNI data breach exposed the personal data of staff members and officers, including serving officers.
The spreadsheet contained:
- Surname and first initial
- The rank of officers or grade of support staff.
- Where they are based.
- What unit they work in, including surveillance and intelligence units.
Data subjects are those who have their personal data processed by data controllers such as organisations and employers. Not all data subjects that fall victim to a data breach will be eligible to pursue a compensation claim. To have an eligible personal data breach claim you will need to meet the criteria set in Article 82 of the UK GDPR. This means that you must be able to prove with evidence that:
- The data controller or processor didn’t adhere to the data protection laws leading to a data breach. A controller is generally an organisation. They decide how data is processed and for what purpose. Data processing refers to anything done to personal data, such as its storage or deletion. They may instruct a processor to process data on their behalf.
- Your personal data was included in the breach. Personal data is any information that could identify you as the data subject. This could be directly, such as your name; or indirectly, such as an identity number.
- You came to harm, either mentally or financially, as a result of the inclusion of your personal data in a breach.
If your rights and freedoms can be impacted by the breach, you may receive a letter of notification. The organisation should send you this without undue delay.
The exposure of certain personal data, especially special category data, may result in anxiety, distress or psychological injury. Additionally, criminals could commit identity fraud if they gain access to certain personal data.
In the case of the PSNI data breach, due to the security threat for officers and staff members having their data exposed this way could impact them in several ways, i.e. their safety, finances and have an impact mentally.
If your personal data has been compromised in a breach, our advisors might be able to help you with your next steps. Use the contact details at the top of the screen to get in touch.
If a data breach claim is successful, the settlement will include compensation for any material and non-material damage suffered.
Material damage refers to monetary losses caused by the breach. For example, expenses related to needing to move away from the area in which you live, or criminals gaining access to the funds in your bank account and stealing these. You could submit evidence to prove any losses of this nature, such as copies of your credit report.
Non-material damage refers to data breach distress. This could include post-traumatic stress disorder (PTSD) or anxiety due to the data breach.
In our table below, we look at figures that can be found in the 5th edition of the Green Book. The Green Book helps legal professionals in Northern Ireland value claims by providing guideline compensation brackets. Due to the differences between data breach claims, our table is only to be used as a guide.
|General Psychological Harm
|At this severity, the harm causes marked problems coping with relationships and life to the injured party. The prognosis is also very poor.
|£82,000 – £210,000
|Although the injured party has significant problems coping with life and relationships, the prognosis is better than what is found for more severe cases.
|£47,500 – £125,000
|The injured party has suffered problems coping with life and relationships, but there has been a marked improvement and the prognosis is good.
|£12,000 – £48,500
|How long the injured party suffered a disability as well as to what extent will be considered.
|Up to £15,000
|At this severity, the injured party cannot function at the same level as before the incident. This permanently impacts all areas of life.
|£60,000 – £120,000
|The symptoms cause a significant disability at this severity. However, although they are expected to last into the foreseeable future, professional help could result in some recovery and a better prognosis than more severe cases.
|£45,000 – £95,000
|Some non-grossly disabling symptoms persist, but the injured party has largely recovered at this severity.
|£12,000 – £48,500
|The claimant may experience some minor symptoms beyond 2 years. However, they have made a virtual full recovery.
|£4,500 – £13,000
To find out what potential steps following the PSNI data breach, you could take, please get in touch with an advisor from our team.
If your personal data has been breached by your workplace and you decide to claim, you may wish to instruct a solicitor to help you. At Accident Claims, we have a team of specialist data breach compensation claim solicitors with years of experience in this area.
A solicitor could help you obtain the correct evidence to prove liability and the impact the data breach had on you.
If you reach out to us, one of our advisors can provide a free claim assessment to check the eligibility of your case. In addition, they can give you free advice about what steps you could potentially take following a breach of your personal data as well as a free claim valuation. If your case is eligible, you could also be passed on to one of our specialist data breach solicitors.
Contact Us If The Police Service Northern Ireland Data Breach Impacted You
Please get in touch on the following details:
Additional data breach claim guides:
- How to claim compensation if there’s been a breach of sensitive information.
- Information about how to claim compensation following a trade union data breach.
External websites that you might find useful:
- Data Breach Guidance from the National Cyber Security Centre (NCSC).
- A guide to the Data Protection Act from the government.
- Guidance on how to make a data protection complaint from the ICO.
Thank you for reading this guide about the PSNI data breach.