At the beginning of the week, it was announced that the Police Service for Northern Ireland (PSNI) had a data breach. It resulted in the personal data of staff being compromised in response to a Freedom of Information (FOI) request. Later in this guide, we provide further details on the breach, including how it occurred, the information affected, and the steps you could potentially take if your personal data was included.
Furthermore, we outline the legislation in place to protect the personal data of UK residents. As well as examine the roles of data controllers and data processors who must adhere to data protection laws. Data controllers decide why and how your personal data will be processed, and whilst they can process it themselves, they can outsource this task to a data processor who acts on their instruction.
Additionally, we look at the eligibility requirements for data breach claims to help you understand when you could have valid grounds to seek compensation. Also, we discuss the value of data breach compensation in successful claims.
For more information on the PSNI data breach and compensation claims, please contact an advisor. They can answer any questions you might have whilst or after reading our guide. To get in touch, you can:
- Call an advisor on 0333 000 0729
- Enquire about starting a potential claim by filling out the contact form
- Chat with an advisor via the live chat function below
Select A Section
- The Police Service Northern Ireland PSNI Data Breach Explained
- Criteria To Claim Compensation For A Data Breach
- What Steps Can You Take If You Were Impacted By The PSNI Data Breach?
- How Payouts For Workplace Data Breach Claims Are Calculated
- Could A Solicitor Help Me Claim For A Data Breach?
- Discover More About Data Breach Claims
The Police Service Northern Ireland PSNI Data Breach Explained
The PSNI data breach involved a spreadsheet containing the personal data of officers and staff being published online. This was shared in error when responding to an FOI request which originally asked for information about the number of officers at each rank and the number of staff at each grade. The personal data was published on a site called ‘What Do They Know’ for more than 2 hours before it was taken down. As such, it is difficult to know who accessed the information.
The incident has been reported to the Information Commissioner’s Office (ICO), the independent body set up to uphold the information rights and freedoms of data subjects. The ICO released a statement in which they expressed that this incident raises serious concerns. They have said it highlights that even small human errors can result in major consequences for those affected. Whilst they are unsure of the extent to which the personal information was accessed while it was published, they are investigating the incident and working with PSNI to understand the level of risk caused.
Source: https://www.bbc.co.uk/news/uk-northern-ireland-66448442
What Is The Impact Of The PSNI Data Breach?
The personal data relating to officers and staff was shared in error when responding to an FOI request, including:
- Names, including surnames and initials
- Where they are based and the unit they work in, including sensitive areas such as surveillance and intelligence
- Roles, including their rank and grade
The breach has sparked concerns about the safety of those affected. Many employees take great efforts to keep their employment a secret, as PSNI officers have been the targets of Republican paramilitaries in recent years.
If you have evidence that your personal data was affected in the PSNI data breach and this caused you emotional harm, or financial damage, please contact an advisor to discuss the potential steps you could take.
Source: https://www.bbc.co.uk/news/uk-northern-ireland-66447388
Source: https://news.sky.com/story/northern-ireland-police-data-breach-psni-officers-left-incredibly-vulnerable-due-to-human-error-12936303
Criteria To Claim Compensation For A Data Breach
The UK General Data Protection Regulation sits alongside the Data Protection Act 2018 to protect your personal data and set out the responsibilities data controllers, and data processors have with regard to the processing of your personal data.
Personal data is any information that can be used to identify you, including your name, postal address, email address, credit card or debit card details and phone number. A breach of personal data can be defined as a security incident in which the integrity, availability, and confidentiality are affected.
In order to have valid grounds to start a personal data breach claim, the following criteria need to be met:
- A data controller or data processor did not uphold the responsibilities set in the UK GDPR and DPA 2018.
- Your personal data was compromised in a breach, such as through human error or a cyber attack.
- Due to the personal data breach, you experience mental harm, monetary losses, or both.
It’s also important that you start your data breach claim in the relevant time frame. Generally, you will have 6 years to initiate legal proceedings, but this can be reduced to 1 year when the claim is against a public body.
For more information on when you could be eligible to make a police data breach claim, and how long you have to do so, please contact an advisor at the number above.
What Steps Can You Take If You Were Impacted By The PSNI Data Breach?
If you were affected by the PSNI data breach, there are some steps you could potentially take. Firstly, data controllers must notify you of a breach without undue delay if it has put your rights and freedoms at risk. They can do this via phone or letter.
However, if you haven’t been contacted and you suspect that your personal data has been compromised, you can get in touch with the organisation directly. You can do this either in writing or verbally. If you don’t receive any response or the response you are given is inadequate, you could raise your concerns with the ICO. However, you must do so within 3 months of your last meaningful contact with the organisation. The ICO has the power to investigate your concerns.
Secondly, you can take steps to gather evidence if you have been mentally or financially impacted by the data breach. This could include copies of medical records if they show you experienced mental harm, such as stress, anxiety, or depression. They could also show the breach has exacerbated a pre-existing mental health condition, such as post-traumatic stress disorder. Evidence of financial losses could include payslips if you have lost income due to the impact the breach has had on your mental health.
Finally, you could benefit from seeking legal advice. A solicitor can answer any pressing questions you may have.
Find out more about the potential steps you could take following a personal data breach by your workplace that caused you harm by calling an advisor on the number above.
How Payouts For Workplace Data Breach Claims Are Calculated
After a successful data breach claim, a settlement will be awarded to compensate you for the material damage and non-material damage you have suffered as a result of a breach.
Material damage refers to the financial losses caused by the personal data breach, such as the cost of having to relocate or change jobs. Non-material damage refers to the psychological harm caused by the personal data breach, such as distress, stress, anxiety, or in more severe cases, PTSD.
When calculating the value of non-material damage for claims made in Northern Ireland, solicitors can refer to the 5th edition of The Green Book, which contains guideline compensation brackets. You can find some of the figures which correspond to different types of mental harm in the table below. Please use these figures as a guide only.
| Harm Type | Severity Level | Amount - Guideline Brackets | Notes |
|---|---|---|---|
| Mental Harm | Severe | £82,000 – £210,000 | The person experiences marked issues that affect all areas of their life. As such, they have a very poor prognosis. |
| Moderately Severe | £47,500 – £125,000 | There are significant problems impacting all areas of the person's life but with a better prognosis than cases in the above bracket. | |
| Moderate | £12,000 – £48,500 | While there may have been problems associated with all areas of life there has been a marked improvement with any ongoing issues not causing a major disability. |
|
| Less Severe | Up to £15,000 | Consideration is given to the length of time the person was affected, and to what extent. | |
| Anxiety Disorder | Severe | £60,000 – £120,000 | All aspects of the person's life are badly affected and they cannot function as they did before the trauma. |
| Moderately Severe | £45,000 – £95,000 | Despite the effects being likely to cause a significant disability for the foreseeable future, the person has a better prognosis due to some recovery achieved through professional help. | |
| Moderate | £12,000 – £48,500 | The injured person will have largely recovered and any continuing effects will not be grossly disabling. | |
| Less Severe | £4,500 – £13,000 | A virtually full recovery is made within a couple of years and only minor issues continue over a longer period of time. |
For more information on how data breach compensation claims are calculated, please call an advisor. They can offer a free personalised valuation of your case.
Could A Solicitor Help Me Claim For A Data Breach?
A solicitor could assist you in claiming for a personal data breach if you have valid grounds to proceed. They offer services such as:
- Help to gather evidence
- Valuing claims
- Providing regular updates on the progress of your case
- Presenting your case in full within the time limit
The solicitors on our panel have experience handling data breach claims and offer services similar to these nationwide. As such, you won’t be restricted to instructing a solicitor in your local area.
Talk To Us About How The PSNI Data Breach Impacted You
For more information on the potential steps you could take if your personal data was compromised in the PSNI data breach, and this caused you harm, please contact our team of helpful advisors. To reach them, you can:
- Call an advisor on 0333 000 0729
- Enquire about starting a potential claim by filling out the contact form
- Chat with an advisor via the live chat function below
Discover More About Data Breach Claims
For more of our helpful guides:
- Find out if you could claim following a data protection breach at work with our guide.
- Learn when to report a data protection breach with our helpful guide.
- Read when you could make a claim for an accidental workplace data breach.
For more external resources:
- ICO – Make a data protection complaint
- National Cyber Security Centre – Information about online safety and cyber security
- PSNI – Statement about the data breach
Thank you for reading our guide on the PSNI data breach. Call our team if you have any further questions.
