Data breaches are not a good look for any institution or organisation. But depending on the nature of the data leaked and the organisation, some breaches can be more serious and have greater consequences than others.
This is certainly true of the Police Service of Northern Ireland (PSNI), which has accidentally published information about all its police officers and civilian personnel in response to a freedom of information (FoI) request. This included a spreadsheet containing their names, their roles and where they were based.
The document was available online for several hours on the FoI website What Do They Know before being taken down. The PSNI is conducting an investigation into how this happened.
It has been reported that the spreadsheet contained approximately 345,000 pieces of data relating to every police officer. In confirming the breach, the PSNI attributed it to “human error” and stated that they were taking the matter “extremely seriously”.
PSNI chief constable Simon Byrne said in a press conference that dissident republicans claim to have some of the information and that the force is considering whether officers need to be moved from their places of work for their safety.
The data breach is said to encompass all serving staff including specialist firearms units, the tactical support group (which is responsible for public order and riot control) and those assigned to the specialist operations branch who command and assist in complex investigations.
A remarkable wealth of information about PSNI personnel has been leaked, by any stretch of the imagination. Of the many reasons why this is so serious, three stick out in particular.
1. Risking violence
A data breach of this nature is likely to leave any police force red-faced, yet for the PSNI the consequences extend far beyond public embarrassment. The long and contested history of problems with policing in Northern Ireland means that there are both practical dangers and specific sensitivities that even the most well-crafted apology won’t be able to assuage.
The most immediate problem is that the personal information of serving police officers is now potentially in the public domain. This raises the question of who might have accessed this information and what they might do with it.
Today’s levels of violence in the north of Ireland are incomparable to the past but the threat of violence against serving police officers remains. This threat comes mainly from armed Irish republican groups who have rejected the peace process and Good Friday agreement.
To them, PSNI officers represent “legitimate targets” because they uphold the constitutional status quo of post-Good Friday agreement Northern Ireland. Unlike other nationalists and more moderate republicans who have come to accept reformed policing, for these armed groups the PSNI remains a “British” police force tasked with enforcing partition on the island of Ireland.
The live nature of the threat to PSNI officers was brutally reiterated this year when PSNI detective chief inspector John Caldwell was shot in County Tyrone in February. Several of the people due to be tried for his attempted murder are also accused of being involved with the IRA.
Crucially, Caldwell was targeted while he was off duty and packing up after leading a youth football training session. The people who attacked him appear to have known where to find him outside of work, clearly illustrating how personal information about PSNI officers could be used to devastating effect.
To make matters worse, it has been reported that the details of 40 PSNI staff based at MI5 are included in the breach. Personnel of this nature would surely represent prize targets to Irish republicans.
Any attack on these people that resulted in injury or death would be seen as a huge propaganda coup at a time when the armed campaigns of these groups are sporadic and stuttering.
2. Stoking community tensions
At the same time, the data breach speaks to a more difficult question around just how accepted the PSNI are in certain working-class communities. The struggle to recruit officers from working-class Catholic, nationalist, republican backgrounds is well documented.
Anyone from this background within the PSNI is unlikely to tell anyone beyond their closest family and friends what their job is. This is partly because of the security threat but also because of the problematic relationship their community had with the PSNI’s predecessor force, the Royal Ulster Constabulary.
Yet the PSNI is also experiencing difficulty recruiting from working-class Protestant, unionist, loyalist areas too. Ongoing political tensions, including Brexit, disputes about which flags should fly over public buildings in Northern Ireland and the policing of Orange Order parades, have put these communities at a remove from the PSNI. It is unlikely, then, that officers from within these communities would make their jobs publicly known either.
3. Reviving unresolved grievances
Some will also have been reminded of the past by this data breach, which has echoes of the deliberate intelligence leaks that used to come out of the Royal Ulster Constabulary during the years of conflict. The force passed the personal details of nationalists to state agents within loyalist groups, who are accused of then murdering them.
This remains at the core of grievances over state collusion during the Troubles. While this latest data breach is different in nature, it nonetheless rubs at a sore spot for victims still waiting for truth and justice.
The leaking of personal details about every serving PSNI officer is without doubt an unmitigated disaster for the PSNI, politically and organisationally. While the force has apparently set up a “gold group” – the highest internal emergency response – significant damage has already been done.