Table of contents
1. Background to the breaches
The Information Commissioner’s Office (ICO) defines a personal data breach as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.
In recent months, the Police Service Northern Ireland (PSNI) has suffered two unconnected data breaches.
The first breach occurred on 6 July 2023, when a police-issued laptop, radio and documents were stolen from a private vehicle in Newtownabbey, Northern Ireland. The laptop contained a spreadsheet detailing sensitive information, including the names of 200 PSNI officers and staff, their home addresses and phone numbers. The theft was reported to the PSNI’s information security unit on 27 July 2023, with officers and staff informed on 4 August 2023. Assistant Chief Constable Chris Todd addressed the breach, stating that the stolen laptop and radio had been deactivated shortly after the incident. He also expressed confidence that no data had been lost from the stolen devices and that the devices were “of no use to any third party”.
The second breach took place on 8 August 2023, when a spreadsheet containing the personal details of 10,000 officers and civilian staff was accidentally published online in response to a freedom of information request. The spreadsheet contained details such as names, ranks, locations and unit information. The data remained online for approximately three hours before being removed. Chief Constable Simon Byrne apologised for what he described as an “industrial-scale breach of data”. He emphasised that the priority of the PSNI was the safety and welfare of its officers and staff during this “unprecedented incident”. On 14 August 2023, the PSNI confirmed that dissident republicans had obtained the data.
The information commissioner, John Edwards, described the breach as “deeply concerning” and stated that the ICO was investigating the breach as a “matter of urgency”.
2. Potential implications
Some commentators have speculated on the possible implications for the PSNI, its officers and staff. This includes concerns over the safety of PSNI officers and staff and damage to the reputation of the PSNI.
The chair of the Police Federation for Northern Ireland, Liam Kelly, described the breach as “monumental” and stated that it had left PSNI officers and staff feeling “particularly vulnerable”. In an interview with Sky News on 9 August 2023, Kelly warned that some officers might not continue in their roles due to safety concerns. Therefore, he called on the PSNI to be “very clear” with those affected about what it could do to “limit the damage” caused by the breach and to “rebuild the trust” in the police service’s ability to support and protect their identities.
In an article for the Conversation in August 2023, Kevin Hearty, a criminology lecturer at Queen’s University Belfast, said the data leak was “incredibly dangerous”. He attributed this to three reasons:
- First, it could put serving police officers at risk of violence from armed Irish republican groups. He stated that such groups have rejected the Good Friday Agreement (1998) (also known as the Belfast Agreement) and viewed the PSNI as “legitimate targets” because they “uphold the constitutional status quo of post-Good Friday Agreement Northern Ireland”.
- Second, he argued that the data breach highlighted the challenges that the service faced in recruiting officers from working-class Catholic, nationalist, republican and working-class Protestant, unionist and loyalist backgrounds. He noted that the PSNI has struggled to recruit officers from these communities for several reasons, such as the security threat, the “problematic relationship” these communities had with the PSNI’s predecessor, the Royal Ulster Constabulary (RUC), and ongoing political tensions.
- Last, he stated that the data breach might evoke memories of the “deliberate intelligence leaks” that occurred during the Troubles, when the RUC allegedly shared personal information of nationalists with state agents within loyalist groups who were accused of then murdering them. He argued that this issue “remains at the core of grievances over state collusion during the Troubles”.
Providing a similar warning, Jonny Byrne, a criminology lecturer at Ulster University, argued that dissident groups could exploit the data breach to their advantage. Speaking to the Guardian in August 2023, Byrne stated that dissident groups disclosing the identities of police officers and their families could discourage recruitment efforts, disrupt communities and trigger memories of the Troubles. He asserted that even if these dissident groups had “limited capacity” to launch attacks, the threat of violence could be enough to “change behaviour and operational policing”.
3. Political reaction
In a statement on X (formerly Twitter) published on 8 August 2023, the secretary of state for Northern Ireland, Chris Heaton-Harris, said that he was “deeply concerned” at the breach and noted that officials in his department were in “close contact” with senior officers in the PSNI.
On 14 August 2023, a version of the leaked spreadsheet and a photo of Sinn Fein’s policing spokesperson, Gerry Kelly, was posted on a wall facing a Sinn Fein office in Belfast. Responding to the incident, Mr Kelly stated that it was an “obvious attempt” by dissidents to intimidate him. He also said that:
Sinn Fein represents the vast majority of people in the nationalist community and we will certainly not be intimidated by dissident groups who have virtually no support and who offer nothing but disruption and threats in an attempt to make themselves relevant. They should disband and end their anti-community activities.
The Ulster Unionist Party representative on the Northern Ireland Policing Board, Mike Nesbitt MLA, had previously called for an emergency meeting to discuss the breach. In addition, the former vice chair of the Social Democratic and Labour Party and NI Policing Board member Tom Kelly called on Simon Byrne to resign as chief constable. During an interview with BBC News on 15 August 2023, Kelly argued that the “buck stops at the top of any organisation” and that Byrne was “ultimately responsible”.
However, Naomi Long, the leader of the Alliance Party and a former justice minister, pointed out that the absence of a Northern Ireland Assembly meant that a replacement chief constable could not be appointed in the event of Byrne’s resignation. Also speaking to BBC News, she cautioned against “knee-jerk reactions”. Instead, she called for a “very robust investigation”, arguing that the breach “exposes a systemic failure in terms of data protection within the PSNI”. The leader of the Democratic Unionist Party, Sir Jeffrey Donaldson, also stated that he did not think Mr Byrne should resign. In an interview with Radio 4’s Today programme, Mr Donaldson stated that it was “important” that Mr Byrne “oversees this stage of the process” and that leadership was “necessary to ensure stability within the PSNI”.