The Police Service of Northern Ireland inadvertently exposed the personal information of over 9,500 staff members due to a data handling error. The breach resulted from a freedom of information (FOI) request seeking a breakdown of staff roles. An employee failed to remove a hidden tab, which contained a spreadsheet of raw data, including employees' surnames, first initials, ranks or grades, gender, location, and unit.

At least five individuals failed to detect the mistake before the information was published on an FoI website for two and a half hours before being removed. In the aftermath, one officer resigned, and 50 others have gone on sick leave. More than 4,000 officers and staff are now exploring legal action over the breach.

As a privacy professional, I firmly believe this data breach was preventable. The incident was due to outdated information management practices, demonstrating the urgent need for modern data security tools and stronger privacy risk management. This is especially critical for law enforcement agencies, which must implement stringent safeguards when handling sensitive personal data.

This breach also highlights the importance of robust data governance solutions and regular data audits to detect and fix potential vulnerabilities before they lead to serious security incidents. Law enforcement and other high-risk sectors must proactively manage privacy risks to prevent similar breaches and protect those whose data they are entrusted with.