A PSNI unit tasked with managing security around information was only told about the theft of a laptop and spread sheet containing the names of 200 officers and staff three weeks after it happened.
The laptop, radio and hard copy were stolen from a car parked in the Abbey Centre in Newtownabbey on July 6. A superintendent left the items in the car to go shopping, the Sunday Life reported.
Data on the computer was wiped remotely "shortly afterwards" but the spread sheet is understood to have contained the names and stations of the 200 officers.
The PSNI's Information Security Unit was informed on July 27. Following investigations, the Information Commissioners’ Officer was told on July 31 before impacted officers and staff were informed on August 4.
Following the theft, the laptop and radio were deactivated “shortly afterwards", Assistant Chief Constable Chris Todd said on Saturday.
"We are confident no data has been lost from these devices and they are of no use to any third party,” he said. “Our Information Security Unit (was) informed on July 27."
ACC Todd said: "As there was a delay, our Information Security Unit had to conduct their own enquiries to be clear on what accurate information could be conveyed to the Information Commissioners Office who were then informed on July 31.
“The precise nature of the missing data had to be confirmed before we could inform our officers and staff on August 4. We have worked with our Data Protection Officer and sought legal advice and guidance to ensure the information we provided to our employees was accurate.”
An investigation is being carried out into how the thief or thieves were able to break into the car and the circumstances around how it was picked out among potentially dozens of vehicles.
Details of the security breach in Newtowabbey followed the release of the names and stations of all PSNI officers and staff.
The information was contained in response to a Freedom of Information request. Dissident republicans claim they have the information, Chief Constable Simon Byrne said last week.
The FoI request passed through at least three different departments before the information was released. .
According to the PSNI, the Information Security Unit "identifies risk and satisfies itself...that security arrangements are fit for purpose and that identified risks are managed effectively, collectively and proportionately."
"In order to share the data with those that need it and protect it from those that don’t, information security and records management are fundamental to how the police manage many of the challenges faced in policing today," the PSNI state on its website.
"It is vital for maintaining public confidence and for the safe and secure conduct of operations and services.
"Without robust information assurance governance and processes, there is a significant risk of compromise, potentially leading to the facilitation of crime, public safety issues, hindrance to investigations, financial loss, damage to organisational reputation and, consequently, a reduction in confidence from the public and partners."
