Crime victims’ data revealed by two police forces in FoI responses

The data leak is the latest in a series of breaches by police forces (Dominic Lipinski/PA)
The data leak is the latest in a series of breaches by police forces (Dominic Lipinski/PA) The data leak is the latest in a series of breaches by police forces (Dominic Lipinski/PA)

The personal data of more than 1,000 people, including victims of crime, was included in Freedom of Information (FoI) responses issued by Norfolk and Suffolk Police, the forces have said.

In a statement, the two East Anglian constabularies said a “technical issue” meant raw crime report data was included in a “very small percentage” of FoI responses issued between April 2021 and March 2022.

It is the latest data breach involving police responses to FoI requests, coming after the Police Service of Northern Ireland published a document which included the names and other details of around 10,000 officers and staff.

A joint statement said: “Norfolk and Suffolk Constabularies have identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.

“A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FOI requests in question. The data was hidden from anyone opening the files, but it should not have been included.

“The data impacted was information held on a specific police system and related to crime reports. The data includes personal identifiable information on victims, witnesses, and suspects, as well as descriptions of offences. It related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime.

“A full and thorough analysis into the data impacted has now been completed, and today we have started the process of contacting those individuals who need to be notified about an impact to their personal data.

“This will be done via letter, phone, and, in some cases, face to face, depending on what information was impacted and what support is required.

“We expect this process to be complete by the end of September. We will be notifying a total of 1,230 people whose data has been breached.”

The data watchdog the Information Commissioner’s Office (ICO) is investigating.

Stephen Bonner, deputy commissioner at the ICO, said: “The potential impact of a breach like this reminds us that data protection is about people. It’s too soon to say what our investigation will find, but this breach – and all breaches – highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.

“We are currently investigating this breach and a separate breach reported to us in November 2022.

“In the meantime, we’ll continue to support organisations to get data protection right so that people can feel confident that their information is secure.

“If you’re concerned about the way your information has been handled, you can get advice on what to do from our website.”