The police forces for Norfolk and Suffolk have identified a data breach involving personal identifiable information on victims, witnesses and suspects of a number of crimes.
They said it relates to a “very small percentage” of responses to freedom of information (FoI) requests between April 2021 and March 2022, and involves a technical issue leading to some raw data being included in files produced in the responses.
The data was hidden from anyone opening the files but should not have been included.
In a joint statement, Norfolk and Suffolk Constabularies said the data was held on a specific police system and related to crime reports. It includes the personal identifiable information and descriptions of offences including domestic incidents, sexual offences, assaults, theft and hate crimes.
An analysis has been completed and the forces have begun to contact the individuals, totalling 1,230, who need to be notified. This is expected to take until the end of September to complete.
People will be provided with all the necessary information including what personal data specific to them has been impacted and who they can contact for support.
Sincere regret
Assistant Chief Constable of Suffolk Constabulary Eamonn Bridger said: “We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk.
“I would like to reassure the public that procedures for handling FoI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected.”
The forces have notified the Information Commissioner’s Office, whose deputy commissioner, Stephen Bonner, said: It’s too soon to say what our investigation will find, but this breach – and all breaches - highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.
“We are currently investigating this breach and a separate breach reported to us in November 2022.
“In the meantime, we’ll continue to support organisations to get data protection right so that people can feel confident that their information is secure.”