Commenting on the announcement that the Information Commissioner’s Office intends to fine the Police Service of Northern Ireland £750,000, Deputy Chief Constable Chris Todd said: “We accept the findings in the ICO’s Notice of Intent to Impose a Penalty and we acknowledge the learning highlighted in their Preliminary Enforcement Notice.  We will now study both documents and are taking steps to implement the changes recommended.  

“Today’s announcement by the ICO that they intend to fine us £750,000 following the data loss of 8 August 2023 is regrettable, given the current financial constraints we are facing and the challenges we have, given our significant financial deficit to find the funding required to invest in elements of the requisite change. We will make representations to the ICO regarding the level of the fine before they make their final decision on the amount and the requirements in their enforcement notice.

“The reports highlight once again the lasting impact this data loss has had on our officers and staff and I know this announcement today will bring those to the fore again.  Since the data loss occurred in August, the Police Service has worked tirelessly to devalue the compromised dataset by introducing a number of measures for officers and staff. We provided significant crime prevention advice to our officers and staff and their families via online tools, advice clinics and home visits.

“In December 2023 a payment of up to £500 was made available to each individual in the organisation whose name was contained on the data set released in reimbursement for equipment or items purchased by those individuals against their own particular safety needs. 90% of officers and staff took up this offer of financial support.

“An investigation to identify those who are in possession of the information and criminality linked to the data loss continues.  Detectives have conducted numerous searches and have made a number of arrests as part of this investigation.

“Following the data loss an Independent Review was jointly commissioned by the Northern Ireland Policing Board and the Police Service of Northern Ireland into the circumstances surrounding loss.  The review published its findings in December and made 37 recommendations that we are now progressing. Fourteen of these have already been implemented with the establishment of the Deputy Chief Constable as the Senior Information Risk Owner (SIRO) and the establishment of a Strategic Data Board and Data Delivery Group.  This will ensure that information security and data protection matters are afforded the support and attention they critically deserve.  The recommendations made now by the ICO reflect some of these already being progressed.

“Work is ongoing to update current policies and develop a new Service Instruction as recommended by the ICO.  Training of officers and staff is ongoing to ensure everything that can be done is being done to mitigate any risk of such a loss occurring in the future.”