Cleveland Police admit data breach after sharing personal details of more than 1,600 people on force website

Cleveland Police admit data breach.
Cleveland Police admit data breach.

Cleveland Police uploaded the information of more than 1,600 people onto its website in a data breach.

The force became aware of the breach on September 28 after an excel spreadsheet containing personal data was published on the website.

Chief Superintendent Ciaron Irvine.

Chief Superintendent Ciaron Irvine.

The information was uploaded on July 24 this year and taken down as soon as staff were made aware of the breach. It included names, dates of birth, ethnicity, limited health and wellbeing data, but not home addresses.

A spokesman said the force is required to publish data on officers’ use of force including restraint, handcuffing, use of Taser or irritant spray.

The excel spreadsheet contained two data tabs - a redacted version which would ordinarily be published - and an additional tab which contained the personal information of 1,661 people who were subject to force being used between April 1, 2018 and June 30, 2018.

As well as the data of members of the public, it also showed the names, collar numbers and training details of officers and staff who had used the force on the individual person.

The spokesman said: "We have been able to see that the entire spreadsheet has been accessed on a small number of occasions during the time it was in the public domain; however as the spreadsheet shows the redacted information first, it’s likely many of these people did not click on the additional data tab at the bottom of the screen.

"As soon we were made aware of the data breach, steps were taken to remove the information from public view and the breach was referred to the Information Commissioner."

An investigation by the Cleveland Police Directorate of Standards and Ethics found that the incident occurred due to human error and safeguards have been put in place to reduce the risk of a similar incident happening in the future.

Chief Superintendent Ciaron Irvine, said: "Cleveland Police takes its responsibilities over the proper handling of personal information very seriously and I am particularly disappointed that this has happened.

"The public can be assured that we have acted swiftly to minimise the impact of this data breach and will ensure that we do everything we can to prevent a similar occurrence in future."

In the majority of cases use of force will be prior to or following an arrest. The use of force includes compliant or non-compliant handcuffing, use of dogs, drawing or use of baton, limb or body restraints, use of taser, shield, drawing or use of irritant spray, drawing or use of baton rounds, discharging of firearms, and unarmed skills, including strikes, restraints and take downs.

Cleveland Police is considering efforts to contact those affected directly, however anyone who believes they will be affected can have their concerns addressed by calling 101 citing reference number 182835.