Northern Ireland’s government departments have experienced a series of significant data breaches over the past decade, raising concerns about data security and privacy. Almost 50 breaches have been recorded, with nearly a third of them attributed to the Department of Justice.
Several breaches by the Department for Communities were categorized as “major incidents.” These included incidents such as the loss of documents containing medical data and an employee inappropriately accessing their ex-partner’s benefits information. These breaches have prompted investigations and responses from the Information Commissioner’s Office (ICO).
Felicity Huston, former commissioner for public appointments in Northern Ireland, expressed concern about the increasing trend of data breaches. She emphasized that as the government collects more data from citizens online, it is essential to ensure its security.
The Department for Communities was responsible for breaches such as leaving sensitive information in a restaurant and the potential disclosure of a person’s former identity. These incidents also involved the loss of a laptop and hard-copy files containing “special category information.” While the police were informed in some cases, the Department for Communities indicated that no further action was needed, according to advice from the ICO.
Recent data breaches, including the accidental inclusion of 10,000 police employees’ details in a response to a freedom of information request, have heightened concerns about data security. An independent review is ongoing to determine the causes of these breaches.
The figures obtained by BBC News NI indicate that data breaches have occurred across various government departments. The Department of Justice, for example, experienced breaches such as the misdelivery of a letter and sharing information with unauthorized parties. The Department for Infrastructure recorded breaches involving unauthorized access to personal folders and the incorrect mailing of medical information.
The Executive Office (TEO) reported breaches related to the exposure of email addresses and names in calendar invitations and the issuance of email addresses from the Historical Institutional Abuse Inquiry. The Department of Health (DoH) published a report that unintentionally included personal details of patients and staff, and the Northern Ireland Covid Certification Service (CCS) experienced technical malfunctions that exposed personal details and vaccine certificate information.
The ICO stressed the importance of organizations having robust measures in place to protect personal information, particularly sensitive data. Concerns are growing about the potential for further data breaches and the need for enhanced data security measures across government departments.