Crime victims’ data revealed by two police forces in FoI responses

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

The personal data of more than 1,000 people, including victims of crime, was included in Freedom of Information (FoI) responses issued by Norfolk and Suffolk Police, the forces have said.

In a statement, the two East Anglian constabularies said a “technical issue” meant raw crime report data was included in a “very small percentage” of FoI responses issued between April 2021 and March 2022.

The data included personal identifiable information on victims, witnesses and suspects relating to a range of offences including sexual offences, domestic incidents, assaults, hate crime and thefts, according to the forces.

Victims of sexual offences should have lifelong anonymity under the law.

The forces said they have so far found “nothing” to suggest that anyone outside policing has accessed the data.

It is the latest data breach involving police responses to FoI requests, coming after the Police Service of Northern Ireland published a document which included the names and other details of around 10,000 officers and staff.

A joint statement said: “Norfolk and Suffolk Constabularies have identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.

“A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FOI requests in question. The data was hidden from anyone opening the files, but it should not have been included.”

Suffolk Police clarified that the raw data was contained in an Excel spreadsheet which was “hidden” within the files.

The force added that it could not be seen by simply opening the files and that anyone accessing it would need to know what they were looking for.

“A full and thorough analysis into the data impacted has now been completed, and today we have started the process of contacting those individuals who need to be notified about an impact to their personal data,” the joint statement continued.

“This will be done via letter, phone, and, in some cases, face to face, depending on what information was impacted and what support is required.

“We expect this process to be complete by the end of September. We will be notifying a total of 1,230 people whose data has been breached.”

Assistant Chief Constable of Suffolk Police, Eamonn Bridger, apologised for the incident and said: “We sincerely regret any concern that it may have caused the people of Norfolk and Suffolk.”

Tim Passmore, the Police and Crime Commissioner for Suffolk, echoed he apologies and said: “I will also be looking at a full review of the Constabulary’s information-sharing processes to guard against something like this ever happening again.”

The data watchdog the Information Commissioner’s Office (ICO) is investigating.

Stephen Bonner, deputy commissioner at the ICO, said: “The potential impact of a breach like this reminds us that data protection is about people. It’s too soon to say what our investigation will find, but this breach – and all breaches – highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.

“We are currently investigating this breach and a separate breach reported to us in November 2022.

“In the meantime, we’ll continue to support organisations to get data protection right so that people can feel confident that their information is secure.

“If you’re concerned about the way your information has been handled, you can get advice on what to do from our website.”