Update on Suffolk Constabulary data breach

Suffolk Constabulary has been investigating a data breach which was discovered by a member of the public on the evening on Monday, November 7.

The information was removed from the public domain as soon as possible after officers were alerted, and an internal inquiry began.

The data was contained within an Excel document on the Suffolk Constabulary website. It related to inquiries into sexual offences and offences that occurred in schools which were reported between 1 April 2015 and 31 March 2019.

No information outside of those dates has been disclosed.

It has been established around two to three per cent of the published investigations included information which could lead to someone being identified. In most cases no personal data was present.

Officers and staff are continuing to assess the scale of the data breach. As part of their work they are endeavouring to contact those affected at the earliest opportunity to give support, reassurance and offer an apology.

The location of the Excel document would not have been immediately evident on the constabulary’s website. It was contained within a reply to a Freedom of Information (FOI) request.

As part of the inquiry, we are seeking to establish how many people have viewed the information. No other reports have been made to us since this document was first published in 2019.

All other FOI replies have also been removed from our website and we are now confident that there have been no other information breaches of this nature.

Suffolk Constabulary takes its obligations under the Data Protection Act extremely seriously and has referred the breach to the Information Commissioner’s Office.

Assistant Chief Constable Eamonn Bridger said: “Suffolk Constabulary is extremely sorry for the data breach and the anxiety this unintentional disclosure of personal information will have caused. 

“We recognise and sincerely regret the additional concern this incident will have caused for victims of crime that we are duty-bound to protect. 

“We have now fully removed the document from public circulation and will continue to proactively seek to minimise any risk that the release of this data may have had. 

“We are committed to making sure we do everything we can to avoid a similar incident happening in the future and have already implemented changes that will ensure these circumstances do not happen again.”