Tag: data

What Has the Freedom of Information Act Ever Done for Us? 

1st January 2025 marked the 20th anniversary of the Freedom of Information (FOI) Act 2000 coming into force. FOI advocates argue that the Act has transformed the landscape of public information access, empowering citizens, journalists, and organisations to hold public bodies more accountable while fostering a culture of openness. However, some critics consider it a “snooper’s charter” that has impeded government efficiency. Tony Blair, whose government enacted FOI, expressed regret in his memoirs: 

“Freedom of Information. Three harmless words. I look at those words as I write them, and feel like shaking my head till it drops off my shoulders. You idiot. You naive, foolish, irresponsible nincompoop. There is really no description of stupidity, no matter how vivid, that is adequate. I quake at the imbecility of it.” 

With these differing views in mind, let’s take a closer look at some of the FOI Act’s achievements.  

Greater Transparency 

One of the most significant achievements of the FOI Act is its enhancement of transparency in government operations. By granting individuals the right to request information from public authorities, the Act has helped lift the veil on many aspects of governmental and institutional processes. This increased transparency has led to greater scrutiny of decision-making, financial management, and policy implementation. 

A notable example of this was the 2009 MPs’ expenses scandal. FOI requests exposed widespread misuse of public funds by Members of Parliament, leading to resignations, repayments, and reforms in the parliamentary expenses system. Such revelations underscore how the FOI Act has empowered citizens to hold public officials accountable. 

Empowering Citizens and Strengthening Democracy 

The FOI Act has also played a pivotal role in empowering citizens. By democratising access to information, it allows anyone to request details from public bodies without needing to justify their reasons. This access enables citizens to engage more effectively in public debates and advocacy efforts, armed with facts and data obtained through FOI requests. 

One example of this empowerment was seen in 2013 when FOI requests helped expose racial disparities in police stop and search practices. This revelation sparked widespread public concern and contributed to reforms in policing policies.
Similarly, FOI requests uncovered the disproportionate closure of public libraries in deprived areas, prompting national discussions on equitable access to public services. 

Accountability Through Public Scrutiny 

Accountability is a cornerstone of good governance, and the FOI Act has played an instrumental role in ensuring that public officials and institutions are answerable to the people they serve. Numerous FOI disclosures have led to public outcry and prompted subsequent reforms.  

For example, in 2006, widespread concern about knife crime, fuelled by several
high-profile cases, led to a highly publicised knife amnesty by the police.
Tens of thousands of knives were handed in. However, an FOI request later revealed that a statistical evaluation of the amnesty in London found that, just weeks after the operation, knife crime rates were back to pre-amnesty levels. This disclosure, which might otherwise have been suppressed, demonstrated how FOI can provide vital, often inconvenient, truths that drive public policy. 

Promoting Ethical Conduct and Integrity 

The FOI Act has not only exposed wrongdoing but also served as a deterrent against unethical behaviour. Public officials are more likely to act with integrity, knowing that their actions could be subject to public scrutiny. 

In 2021, a BBC Panorama investigation revealed serious patient safety issues buried in confidential hospital reports. FOI requests led to the discovery of 111 reports, authored by medical royal colleges, which NHS trusts were legally obligated to share. Of those, only 26 were published, and 80 had not been shared with regulators at all. The resulting public outcry prompted greater attention to transparency within the NHS. 

Challenges and the Road Ahead 

Despite its successes, the FOI Act has faced several challenges, and notable gaps in the framework still need to be addressed. Currently, it does not extend to private entities performing public functions or receiving substantial public funding. Surprisingly, the Labour General Election manifesto made no reference to FOI despite the Party arguing for many years that private contractors delivering public services should be subject to FOI.  This leaves a significant transparency gap, where key information remains inaccessible. Expanding the scope of the FOI to include these entities would help ensure that transparency and accountability are maintained across all sectors receiving public money. 

Another challenge is the slow or inadequate response to FOI requests by some public authorities. While the Information Commissioner has taken action in recent years to hold public bodies accountable for FOI failures, from police forces to local councils and government departments, response times can still be unacceptably long. 

Although FOI contains exemptions to protect sensitive information, there are instances where these exemptions are applied excessively or inappropriately, leading to the withholding of information that could otherwise be disclosed. This undermines the spirit of the Act and hampers transparency. (See the recent article in the Guardian “Dubious’ use of the Freedom of Information Act stopping access to files on Prince Andrew, researchers say”). In 2021 current and former editors of Britain’s leading newspapers expressed concern over the government’s handling of FOI requests. 
In an open letter, they called for an investigation into a Cabinet Office unit – the Clearing House – which is alleged to have profiled journalists and blocked FOI requests.  

As we celebrate the 20th anniversary of the Freedom of Information Act, it is clear that the Act has been a game-changer for transparency, accountability, and democratic engagement in the UK. While there have been notable achievements, the journey is far from complete. To maximise its potential, the FOI Act should be strengthened in key areas, including expanding its coverage and ensuring that public authorities are adequately resourced to handle requests in a timely and efficient manner. The next 20 years will be critical in determining whether the FOI can continue to serve its intended purpose: fostering an informed, engaged, and accountable public. 

Enjoy reading our blog? Help us reach 10,000 subscribers by subscribing today!

Are you an experienced FOI officer wishing to advance your career in 2025. Our FOI Intermediate Certificate strengthens the foundations established by our FOI Practitioner Certificate. It will help you become an adept FOI practitioner by delving deeper into the intricacies of the FOIA, equipping you with the skills and confidence to navigate its complexities. 

Stolen NHS Patient Data Published on Dark Web

NHS England has now confirmed its patient data, managed by blood test management organisation Synnovis, was stolen in a ransomware attack on 3rd June. According to the BBC some of that data has been published on the dark web by the hackers. 

On 4th June 2024, the Independent reported that two major London hospital trusts had to cancel all non-emergency operations and blood tests due to a significant cyber attack. Both King’s College Hospital Foundation Trust and Guy’s and St Thomas’ Hospitals Foundation Trusts have seen their pathology systems compromised by malware.

Synnovis, the service provider responsible for blood tests, swabs, bowel tests, and other critical services for these hospitals, was targeted in this attack. The impact was widespread, affecting NHS patients across six London boroughs. 

It now transpires that, Qilin, a Russian cyber-criminal group, shared almost 400GB of private information on their darknet site on Thursday night.  A sample of the stolen data seen by the BBC includes patient names, dates of birth, NHS numbers and descriptions of blood tests. NHS England said in a statement that there is “no evidence” that test results have been published, but that “investigations are ongoing”.

The Information Commissioner’s Office said in statement:

“While we are continuing to make enquiries into this matter, we recognise the sensitivity of some of the information in question and the worry this may have caused.

“We would urge anyone concerned about how their data has been handled to check our website for advice and support, as well as visiting NHS England’s website.”

We have two workshops coming up in September (Introduction to Cyber Security and Cyber Security for DPOs) which are ideal for organisations who wish to up skill their employees about data security. See also our Managing Personal Data Breaches Workshop.  

Stolen NHS Data Published on Dark Web

A large volume of NHS data has been published by a ransomware group on the dark web. This follows the recent cyber attack on NHS Dumfries and Galloway, when cyber criminals were able to access a significant amount of data including patient and
staff-identifiable information. Data relating to a small number of patients was released in March, and the cyber criminals had threatened that more would follow.

Reacting to the latest publication of data, NHS Dumfries and Galloway Chief Executive Julie White said: “This is an utterly abhorrent criminal act by cyber criminals who had threatened to release more data.

“We should not be surprised at this outcome, as this is in line with the way these criminal groups operate.

“Work is beginning to take place with partner agencies to assess the data which has been published. This very much remains a live criminal matter, and we are continuing to work with national agencies including Police Scotland, the National Cyber Security Centre and the Scottish Government.”

Mrs White added: “NHS Dumfries and Galloway is conscious that this may cause increased anxiety and concern for patients and staff, with a telephone helpline sharing the information hosted at our website available from tomorrow.

“Data accessed by the cyber criminals has now been published onto the
dark web – which is not readily accessible to most people.”

“Recognising that this is a live criminal matter, we continue to follow the very clear guidance being provided to us by national law enforcement agencies.”

NHS Dumfries and Galloway advised people to be alert for any attempts to access their work and personal data. It has also set up a helpline for anyone concerned about the attack and is working with police and other agencies as investigations continue.

In December last year, NHS Fife was formally reprimanded by the Information Commissioner’s Office (ICO) following an incident where an unauthorised individual accessed sensitive patient information.

We have two workshops coming up (How to Increase Cyber Security and Cyber Security for DPOs) which are ideal for organisations who wish to upskill their employees about data security. 

MOD Payroll Data Hacked

The government has raised concerns about a cyber attack on an armed forces payroll system, with indications pointing towards China as the suspected perpetrator. Defence Secretary Grant Shapps is set to address Members of Parliament today, although he is not expected to directly attribute blame to any specific party.
Instead, he is likely to emphasise the threat posed by cyber espionage activities conducted by hostile states.

The affected system, utilised by the Ministry of Defence (MoD), contains sensitive information such as names and bank details of armed forces personnel, with a few instances where personal addresses may also be included. Managed by an external contractor, the breach came to light in recent days, prompting government action, although there’s no evidence suggesting data was actually extracted from the system.

The investigation into the breach is still in its early stages and attributing responsibility can be a complex and time-consuming process. While official accusations may not be made immediately, suspicions are reportedly pointing towards China, given its history of targeting similar datasets.

Those impacted by the breach will receive communication from the government regarding the incident, with a focus on addressing potential fraud risks rather than immediate personal safety concerns.

At the time of writing it is not clear if the MoD has reported the data breach to the ICO as required by the UK GDPR. In December 2023, the MoD was fined £350,000 for disclosing personal information of people seeking relocation to the UK shortly after the Taliban took control of Afghanistan in 2021. 

We have two workshops coming up (How to Increase Cyber Security and Cyber Security for DPOs) which are ideal for organisations who wish to upskill their employees about data security. 

The MoD GDPR Fine: The Dangers of Email 

Inadvertent disclosure of personal data on email systems has been the subject of a number of GDPR enforcement actions by the Information Commissioner’s Office (ICO) in the past few years. In 2021, the transgender charity Mermaids was fined £25,000 for failing to keep the personal data of its users secure. The ICO found that Mermaids failed to implement an appropriate level of security to its internal email systems, which resulted in documents or emails containing personal data being searchable and viewable online by third parties through internet search engine results. 

Failure to use blind carbon copy (BCC) correctly in emails is one of the top data breaches reported to the ICO every year. Last year the Patient and Client Council (PCC) and the Executive Office were the subject of ICO reprimands for disclosing personal data in this way. In October 2021, HIV Scotland was issued with a £10,000 GDPR fine when it sent an email to 105 people which included patient advocates representing people living with HIV. All the email addresses were visible to all recipients, and 65 of the addresses identified people by name. From the personal data disclosed, an assumption could be made about individuals’ HIV status or risk.  

The latest GDPR fine was issued in December 2023, although the Monetary Penalty Notice has only just been published on the ICO website. The ICO has fined the Ministry of Defence (MoD) £350,000 for disclosing personal information of people seeking relocation to the UK shortly after the Taliban took control of Afghanistan in 2021. 

On 20th September 2021, the MoD sent an email to a distribution list of Afghan nationals eligible for evacuation using the ‘To’ field, with personal information relating to 245 people being inadvertently disclosed. The email addresses could be seen by all recipients, with 55 people having thumbnail pictures on their email profiles.
Two people ‘replied all’ to the entire list of recipients, with one of them providing their location. 

The original email was sent by the team in charge of the UK’s Afghan Relocations and Assistance Policy (ARAP), which is responsible for assisting the relocation of Afghan citizens who worked for or with the UK Government in Afghanistan.
The data disclosed, should it have fallen into the hands of the Taliban, could have resulted in a threat to life. 

Under the UK GDPR, organisations must have appropriate technical and organisational measures in place to avoid disclosing people’s information inappropriately. ICO guidance makes it clear that organisations should use bulk email services, mail merge, or secure data transfer services when sending any sensitive personal information electronically. The ARAP team did not have such measures in place at the time of the incident and was relying on ‘blind carbon copy’ (BCC), which carries a significant risk of human error. 

The ICO, taking into consideration the representations from the MoD, reduced the fine from a starting amount of £1,000,000 to £700,000 to reflect the action the MoD took following the incidents and recognising the significant challenges the ARAP team faced. Under the ICO’s public sector approach, the fine was further reduced to £350,000.  

Organisations must have appropriate policies and training in place to minimise the risks of personal data being inappropriately disclosed via email. To avoid similar incidents, the ICO recommends that organisations should: 

  1. Consider using other secure means to send communications that involve large amounts of data or sensitive information. This could include using bulk email services, mail merge, or secure data transfer services, so information is not shared with people by mistake.  
  1. Consider having appropriate policies in place and training for staff in relation to email communications.  
  1. For non-sensitive communications, organisations that choose to use BCC should do so carefully to ensure personal email addresses are not shared inappropriately with other customers, clients, or other organisations. 

More on email best practice in the ICO’s email and security guidance

We have two workshops coming up (How to Increase Cyber Security and Cyber Security for DPOs) which are ideal for organisations who wish to upskill their employees about data security. We have also just launched our new workshop, Understanding GDPR Accountability and Conducting Data Protection Audits. 

ICO Reprimand for NHS Patient Data Breach

In a concerning revelation of data security lapses, NHS Fife has been formally reprimanded by the Information Commissioner’s Office (ICO) following an incident where an unauthorised individual accessed sensitive patient information. The breach occurred in a hospital ward and highlights key learnings for all organisations regarding security protocols for personal data.

Incident Overview

The case came to light after the ICO, discovered that the personal information of 14 patients was compromised. The incident, which took place in February 2023, involved an individual who was able to access secure documents and participate in administering care to a patient, highlighting a lack of identity verification checks at the hospital.

ICO Investigation Findings

The ICO’s investigation unveiled several deficiencies in NHS Fife’s approach to data protection. Notably, staff training on safeguarding personal information was found to be inadequate. The ICO found training rates across the hospital were at only 42% although on the ward it was at 82%. This low rate was attributed to the Covid-19 Pandemic and a three-year training cycle. Additionally, the ICO pointed out that the hospital’s CCTV system had been mistakenly turned off by a staff member before the incident as part of wider energy-saving measures being implemented across the hospital. Although this would not have prevented the incident, it further complicated the recovery of the missing documents as the individual was not able to be identified.

Natasha Longson, ICO Head of Investigations, stressed the importance of stringent data security in healthcare. “Patient data is highly sensitive and needs the highest level of security. Trust in data security is pivotal when accessing healthcare services,” she remarked. 

Echoes of NHS Lanarkshire Incident

This is not the first instance of such a breach within the NHS system. Months earlier, NHS Lanarkshire faced a similar reprimand for unauthorised staff use of WhatsApp to share patient data over the course of two years, leading to data access by a non-staff member.

In the Lanarkshire incident, between April 2020 and April 2022, 26 staff at NHS Lanarkshire had access to a WhatsApp group where patient data was entered on more than 500 occasions, including names, phone numbers and addresses. Images, videos and screenshots, which included clinical information, were also shared. While it was made available for communicating basic information only at the start of the pandemic, WhatsApp was not approved by NHS Lanarkshire for processing patient data and was adopted by these staff without the organisation’s knowledge. A non-staff member was also added to the WhatsApp group in error, resulting in the inappropriate disclosure of personal information to an unauthorised individual. Additionally, it is worth bearing in mind, public sector organisations face the added risk of WhatsApp communications being disclosed to court proceedings after the High Court ruling in July of this year. The product of that ruling is currently being played out for us now

Corrective Measures and Recommendations

In response to this incident, NHS Fife has introduced new procedures, including stringent sign-in and out systems for documents containing patient data and updated ID verification processes. The ICO has also recommended that NHS Fife enhance its data protection strategies by conducting more frequent training for staff and providing clear written security guidelines as well as updating policies and procedures whilst clearly highlighting archived policies. The ICO also requested to be updated on these measures in a six-month follow up. 

Organisations can use these findings to ensure that all the recommendations mentioned above are being implemented within their organisations. The ICO added:

“Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to security checks and authorised access. We are pleased to see that NHS Fife has introduced new measures to prevent similar incidents from occurring in the future.”

Learn more about data breaches with our UK GDPR Practitioner Certificate. Dive into the issues discussed in this blog and secure your spot before spaces run out.

The NHS-Palantir Deal: A Pandora’s Box for Patient Privacy? 

The National Health Service (NHS) of England’s recent move to sign a £330 million deal with Palantir Technologies Inc. has set off alarm bells in the realm of patient privacy and data protection. Palantir, a data analytics company with roots in the U.S. intelligence and military sectors, is now at the helm of creating a mammoth NHS data platform. This raises critical questions: Is patient privacy the price of progress? 

The Controversial Contractor 

Palantir’s pedigree of working closely with entities like the CIA and its contribution to the UK Ministry of Defence has painted a target on the back of the NHS’s decision. This association, coupled with its founder’s contentious remarks about the NHS, casts a long shadow over the appointment. Critics highlight Palantir’s controversial history, notably its involvement in supporting the US immigration enforcement’s stringent policies under the Trump administration. The ethical ramifications of such affiliations are profound, given the sensitive nature of health data. Accenture, PwC, NECS and Carnall Farrar will all support Palantir, NHS England said on Tuesday. 

Data Security vs. Data Exploitation 

NHS England assures that the new “federated data platform” (FDP) will be a secure, privacy-enhancing technology that will revolutionise care delivery. The promise is a streamlined, efficient service with live data at clinicians’ fingertips. However, the concern of the potential for data exploitation looms large. Can a firm, with a not-so-distant history of aiding in surveillance, be trusted with the most intimate details of our lives—our health records? 

The Right to Opt-Out: A Right Denied? 

The debate intensifies around the right—or the apparent lack thereof—for patients to opt out of this data sharing. With the NHS stating that all data will be anonymised and used solely for “direct patient care,” they argue that an opt-out is not necessary. Yet, this has not quelled the concerns of privacy advocates and civil liberty groups who foresee a slippery slope towards a panopticon oversight of personal health information. 

Skepticism is further fuelled by the NHS’s troubled history with data projects, where previous attempts to centralise patient data have collapsed under public opposition. The fear that history might repeat itself is palpable, and the NHS’s ability to sway public opinion in favour of the platform remains a significant hurdle. 

Conclusion 

As we venture further into an age where data is king, the NHS-Palantir partnership is a litmus test for the delicate balance between innovation and privacy. The NHS’s venture is indeed ambitious, but it must not be deaf to the cacophony of concerns surrounding patient privacy. Transparency, robust data governance, and the right to opt out must not be side-lined in the pursuit of technological advancement. After all, when it comes to our personal health data, should we not have the final say in who holds the keys to our digital lives? 

Take a look at our highly popular Data Ethics Course. Places fill up fast so if you would like learn more in this fascinating area, book your place now. 

UK Biobank’s Data Sharing Raises Alarm Bells

An investigation by The Observer has uncovered that the UK Biobank, a repository of health data from half a million UK citizens, has been sharing information with insurance companies. This development contravenes the Biobank’s initial pledge to keep this sensitive data out of the hands of insurers, a promise that was instrumental in garnering public trust at the outset. UK Biobank has since come out and responded to the article calling it “disingenuous” and “extremely misleading”. 

A Promise Made, Then Modified 

The UK Biobank was set up in 2006 as a goldmine for scientific discovery, offering researchers access to a treasure trove of biological samples and associated health data. With costs for access set between £3,000 and £9,000, the research derived from this data has been nothing short of revolutionary. However, the foundations of this scientific jewel are now being questioned. 

When the project was first announced, clear assurances were given that data would not be made available to insurance companies, mitigating fears that genetic predispositions could be used discriminatorily in insurance assessments. These assurances appeared in the Biobank’s FAQs and were echoed in parliamentary discussions. 

Changing Terms Amidst Grey Areas 

The Biobank contends that while it does strictly regulate data access, allowing only verified researchers to delve into its database, this includes commercial entities such as insurance firms if the research is deemed to be in the public interest. The boundaries of what constitutes “health-related” and “public interest” are now under scrutiny.   

However, according to the Observer investigation, evidence suggests that this nuance—commercial entities conducting health-related research—was not clearly communicated to participants, especially given the categorical assurances given previously although the UK Biobank categorically denies this and shared its consent form and information leaflet. 

Data Sharing: The Ethical Quandary 

This breach of the original promise has raised the ire of experts in genetics and data privacy, with Prof Yves Moreau highlighting the severity of the breach of trust. The concern is not just about the sharing of data but about the integrity of consent given by participants. The Biobank’s response indicates that the commitments made were outdated and that the current policy, which includes sharing anonymised data for health-related research, was made clear to participants upon enrolment. 

The Ripple Effect of Biobank’s Data Policies 

Further complicating matters is the nature of the companies granted access. Among them are ReMark International, a global insurance consultancy, Lydia.ai, a Canadian “insurtech” firm that wants to give people “personalised and predictive health scores”, and Club Vita, a longevity data analytics company. These companies have utilised Biobank data for projects ranging from disease prediction algorithms to assessing longevity risk factors. The question that is raised is how can one ensure that this is in fact in the Public Interest, do we take a commercial entities word for this? UK Biobank says all research conducted is “consistent with being health-related and in the public interest” and it has an expert data access committee who decide on any complex issues but the who checks the ethics of the ethics committee? The issues with this self-regulation are axiomatic. 

The Fallout and the Future 

This situation has led to a broader conversation about the ethical use of volunteered health data and the responsibility of custodians like the UK Biobank to uphold public trust. As technology evolves and the appetite for data grows across industries, the mechanisms of consent and transparency may need to be revisited.  The Information Commissioner’s Office is now considering the case, spotlighting the crucial need for clarity and accuracy in how organisations manage and utilise sensitive personal information. 

As the UK Biobank navigates these turbulent waters, the focus shifts to how institutions like it can maintain the delicate balance between facilitating scientific progress and safeguarding the privacy rights of individuals who contribute their personal data for the greater good. For the UK Biobank, regaining the trust of its participants and the public is now an urgent task, one that will require more than just a careful review of policies but a reaffirmation of its commitment to ethical stewardship of the data entrusted to it. 

Take a look at our highly popular Data Ethics Course. Places fill up fast so if you would like learn more in this fascinating area, book your place now. 

Another Day; Another Police Data Breach  

The largest police force in the UK, the London Metropolitan Police (also known as the London Met), has fallen victim to a substantial data breach. Approximately 47,000 members of the police staff have been informed about the potential compromise of their personal data. This includes details such as photos, names, and ranks. The breach occurred when criminals targeted the IT systems of a contractor responsible for producing staff identification cards.

While this breach has raised concerns about the security of sensitive information, it is important to note that details like identification numbers and clearance levels might have been exposed as well. However, it has been confirmed that the breached data did not include home addresses of the affected Met police personnel. There are fears that organised crime groups or even terrorist entities could be responsible for this breach of security and personal data.

Furthermore, the breach has amplified security apprehensions for London Met police officers from Black, Asian, and Minority Ethnic backgrounds. Former London Met Police Chief Superintendent Dal Babu explained that individuals with less common names might face a heightened risk. Criminal networks could potentially locate and target them more easily online, compared to those with common names. This concern is particularly relevant for officers in specialised roles like counter-terrorism or undercover operations.

Reacting to this situation, former Met commander John O’Connor expressed outrage, highlighting concerns about the adequacy of the cyber security measures put in place by the contracted IT security company, given the highly sensitive nature of the information at stake.

This incident presents a significant challenge to the UK Home Office, and it is likely that the government will be compelled to swiftly review and bolster security protocols. This step is necessary to ensure that the personal data of security service personnel is safeguarded with the utmost levels of privacy and data security. Both the Information Commissioner’s Office (ICO) and The National Crime Agency have initiated investigations.

This follows the data breach of the Police Service of Northern Ireland (PSNI) where, in response to a Freedom of Information request, the PSNI mistakenly divulged information on every police officer and member of police staff. Over in England, Norfolk and Suffolk Police also recently announced it had mistakenly released information about more than 1,200 people, including victims and witnesses of crime, also following an FOI request. Last week, South Yorkshire Police referred itself to the information commissioner after “a significant and unexplained reduction” in data such as bodycam footage stored on its systems, a loss which it said could affect some 69 cases.

These incidents underscore the urgency of maintaining robust data protection measures and raising awareness about potential risks, especially within law enforcement agencies. It also requires Data Controllers to ensure that they have processes in place to comply with the requirements of GDPR (Article 28) when it comes to appointing Data Processors.

We have two workshops coming up in September (Introduction to Cyber Security and Cyber Security for DPOs) which are ideal for organisations who wish to upskill their employees about data security.

Ibrahim Hasan’s BBC Radio Ulster Interview about the PSNI Data Breach 

Today, Ibrahim Hasan gave an interview to BBC Radio Ulster about the the Police Service of Northern Ireland’s (PSNI) recent data breach. In response to an FOI request, PSNI shared names of all officers and staff, where they were based and their roles. Listen below. More about the PSNI and the Electoral Commission data breaches here.

We have two workshops coming up in September (Introduction to Cyber Security and Cyber Security for DPOs) which are ideal for organisations who wish to upskill their employees about data security. Our Data Mapping workshop is proving very popular with IG and DP Officers who wish to develop this skill.