The PSNI is facing a £750,000 (€880,000) fine for failing to protect the personal information of its workforce.
The service described the fine as “regrettable” given the financial pressures it faces as it highlighted measures it has taken since personal details of thousands of officers were released online.
Data relating to all 9,483 PSNI officers and staff was included in a spreadsheet published online last August in response to a freedom of information request.
The list included the surname and first initial of every employee, their rank or grade, where they are based and the unit in which they work.
Police later said the information had got into the hands of dissident republicans.
In the aftermath of the leak, some officers chose to relocate their homes, cut contact with family members, and change daily routines.
The fine has been proposed by the UK Information Commissioners Office (ICO), which said the breach was a “potentially life-threatening incident” which caused “untold anxiety and distress”.
However, the ICO said it was using discretion to significantly reduce the fine to ensure public money is not diverted from other areas of need.
Had the public sector approach not been applied, this provisional fine would have been set at £5.6 million.
The ICO investigation has provisionally found the PSNI’s internal procedures and sign-off protocols for the safe disclosure of information were inadequate.
The controversy contributed to the resignation of then-chief constable Simon Byrne and led the PSNI and Policing Board to commission a review.
Mr Byrne’s successor said the error, which could potentially cost £240 million in security and compensation payouts, was due to a system failure.
PSNI Chief Constable Jon Boutcher also said no disciplinary action is being taken against anyone involved.
The Commissioner’s findings are provisional, and his office is to consider any representations PSNI make before making a final decision on the fine amount and the requirements in the enforcement notice.
Reacting to the fine, deputy chief constable Chris Todd said the the PSNI accepted the notice to impose the penalty and is taking steps to implement recommend changes.
In a statement, he said: “Today’s announcement by the ICO that they intend to fine us £750,000 following the data loss of August 8 2023 is regrettable, given the current financial constraints we are facing and the challenges we have, given our significant financial deficit to find the funding required to invest in elements of the requisite change.
“We will make representations to the ICO regarding the level of the fine before they make their final decision on the amount and the requirements in their enforcement notice.”
He said the service had “worked tirelessly” to introduce measures for affected officers and staff, including crime prevention advice.
Mr Todd said 90 per cent of named individuals in the data set took up an offer of £500 towards equipment or items for their own particular safety needs.
He added: “An investigation to identify those who are in possession of the information and criminality linked to the data loss continues.
“Detectives have conducted numerous searches and have made a number of arrests as part of this investigation.”
The PSNI’s oversight body said it is awaiting an update on the implementation of recommendations it made in the wake of the data breach.
Following a meeting with the ICO, the chair of the NI Policing Board, Mukesh Sharma, said: “The Board remains profoundly aware of the personal and professional impact that the 8 August data breach has had on officers and staff.
“The Board has continued to engage with both PSNI and staff associations over the last nine months to assess the ongoing effects of the breach and we welcome the actions taken by PSNI to mitigate the immediate impact and support those affected.”