The Cleveland Police data breach was another example of a preventable public sector data breach that should never have happened in the first place.
As a result of what’s being classed as a “human error” incident, the personal details of 1,661 people were leaked online. As part of the police’s procedures for disclosing data about “use of force”, information was put online that was accidentally not redacted. What should have been generic information about people who had been restrained by the police between April and June this year instead disclosed far more information.
Anyone affected by the Cleveland Police data breach may be eligible to pursue legal action.
What happened in the Cleveland Police data breach?
As part of efforts to be transparent with the public, Cleveland Police published information about how their officers had applied “use of force” in the field. The data published was intended to be generic data about persons who had been restrained by the force during a period of time.
Unfortunately, the information published was unredacted, meaning personal information was disclosed as well.
The data was published on 24th July 2018, but it was not until September when they were alerted of the breach by another police force. Those affected are being contacted.
What information was disclosed in the Cleveland Police data breach?
The information disclosed in the Cleveland Police data breach included:
- Names;
- Birth dates;
- Ethnicity information;
- Health and wellbeing information.
Particularly in cases where no further action was taken, many people may not want other to know that they have been retrained by the police. The fact that the data disclosed also included ethnicity and medical information made matters worse.
What’s being done about the Cleveland Police data breach?
Aside from the victims being contacted, the Information Commissioner’s Office (ICO) has been advised about the breach.
A police spokesperson said:
“We are required to publish data on officers’ use of force, whether that is a form of restraint, handcuffing, use of Taser or irritant spray. The excel spreadsheet, uploaded on 24 July contained two data tabs – a redacted version which would ordinarily be published and an additional tab which contained the personal information of 1,661 people who were subject to force being used between 1 April 2018 and 30 June 2018.”
They went on to confirm that their investigations have concluded this matter as a “human error” incident.