The Police Ombudsman for Northern Ireland has expressed regret to its workforce after inadvertently disclosing their details to several job seekers. The security breach involved the personal particulars of 160 in-service and ex-employees.
This data, encompassing the employee details for May 2022, was embedded in a three-page Word file that was unintentionally sent out to 22 interview candidates during a recruitment process. The file included the first initial and surname of all staff members as of May 2022, alongside their respective service areas or teams. Details on the contractual status of employees were also revealed.
The document likewise mapped staff movement, specifying resignations, pending retirements, career breaks, internal movements, and new hires. Certain staff given names were contained within this data.
A representative from the Ombudsman office confirmed that the exposed document didn’t carry any other confidential material. Immediate action was taken to minimise the impact of the breach, primarily by reaching out to the recipients of the document.
Currently, 20 of the 22 recipients have verified the deletion of the inappropriate email along with the related documents. An unreserved apology has been issued to the current staff, acknowledging the oversight that caused the data breach and the office is now reaching out to the past staff members whose information is in the document.
The incident has compelled the office to inform the Information Commissioner’s Office (ICO) and they are considering hiring an external independent investigator to evaluate the incident and provide suggestions for future measures. 160 employees, both current and past, have been impacted by this situation.