New: The department restored more than 2,000 missing discipline records to its public database of uniformed officers, weeks after ProPublica revealed data reliability issues. But it also removed case numbers, making future oversight more difficult. https://propub.li/3zCEJXx
ProPublica’s Post
-
Data Protection and Freedom of Information may not be easy bedfellows but they can, and do, co-exist. And in a week when the Police Service of Northern Ireland announced a major data breach resulting in uncontrolled access to officers’ and staff names, grades and locations, which came about through a Freedom of Information request, it’s worth remembering that the Freedom of Information legislation has a range of exemptions for a good reason. FOI can be a powerful tool for journalists, campaigners and others who seek to ensure public transparency. In the PSNI case, a member of the public asked simply for a breakdown of staffing numbers by rank and grade. In error, the PSNI provided a spreadsheet containing the surnames of every officer and staff member, their initials and other data, and for several hours it remained online. At Shepherd and Wedderburn we often see that public bodies are snowed under with FOI requests. Tempting though it is to release information at speed and move on, every FOI request should be carefully considered before responding. Exemptions for personal data and personal safety allow information to be withheld, however the PSNI staff made errors by failing to understand the technology they were using. Human error is the leading cause of personal data breaches so, when releasing information under FOI, you should ensure not only that you know the FOI exemptions but also that you understand whether there may be data hidden on a document which is not visible to the reader on screen. The PSNI case is an extreme example that clearly demonstrates the need for vigilance when responding to FOI requests. Let's hope that lessons are learned to avoid repetition by the PSNI or any other public body.
-
BakerHostetler's Eric Manski and Elana Weinblatt write: Consistent with recent trends in broadening the scope of state data breach notification statutes, Connecticut and Florida have expanded the definitions of personal information under their respective data breach notification statutes to include geolocation data. This change became effective in Connecticut as of Oct. 1 and will become effective in Florida on July 1, 2024. #statelaws #databreaches #personalinformation #geolocationdata #breachnotifications
Florida and Connecticut Expand Breach Laws to Include Geolocation Data as Personal Information
https://www.jdsupra.com/
-
A mix of people read the FOI Daily, but this one goes out more to the FOI and DP practitioners than the applicants (although the latter might choose to do some public spirited checking). Police Professional reports that Police Scotland has just completed a review of its FOI disclosure log. The force publishes all of its disclosure. In the light of the disastrous PSNI breach where so much personal data was published on What Do They Know, they took the log down to check every entry to see whether any data had been published inadvertently. There were 2054 requests and 195 contained an attachment: none of them had any personal data that wasn’t supposed to be there. This exercise has the advantage of being contained and coherent; I imagine a trawl back on your own page on WDTK would be a nightmare. Nevertheless, I think the exercise might be worth conducting. Even now, spreadsheets with errant pages and data are out there in the wild, and though you can’t go back in time, it’s possible that accidental disclosures haven’t been noticed by recipients. I’ve dealt with a few awkward, angry applicants who refused to delete data they shouldn’t have been sent; I’ve encountered many more who were keen to help. Even if they wanted to complain about the organisation’s mistake, they wanted to make sure the data was deleted or returned. When considering past accidents, the horse may have bolted, but you don’t know how far it got. I think Police Scotland’s actions are commendable, and worth copying. https://lnkd.in/eifcTPSX
No data breaches found in review of Police Scotland FoI requests
https://www.policeprofessional.com
-
Remuneration and incentives tax expert. Partner at Mishcon de Reya. London. - Employee ownership and equity reward tax specialist helping UK and international companies.
I know a few people who like a spreadsheet! This ⬇️ is a useful reminder about data protection hygiene and risks. #DataProtection #Spreadsheets
Senior Data Protection Specialist Jon Baines was interviewed on BBC Radio 5 Live this morning, discussing the recent data leaks by Norfolk and Suffolk police. "Spreadsheets are powerful pieces of software. They can hide lots of information in them which isn't immediately obvious… When you're publishing or disclosing a spreadsheet of information, make very sure that you know what's in it." Listen now: https://lnkd.in/gm6dtCEg
The danger of disclosing sensitive information with spreadsheets
mishcon.com
-
DATA PROTECTION FEEDBACK FROM THE JOIC
Excellent and engaging seminar from the Jersey Office of the Information Commissioner this morning with Paul Vane “Talking Data Protection Enforcement”. My key takeaways:
1. The trends in 2023 (poor data security, human error, unauthorised disclosures and delayed/incomplete responses to subject access requests) suggest that businesses’ personnel may need more data protection training and that a business’ compliance can be impacted by staff turnover as they lose experienced and trained personnel;
2. The JOIC’s aims continue to be to ensure that the public are well-served and to support businesses and help them to do the right thing;
3. However, six years into the regulatory regime, the JOIC will start to ramp up their oversight, in particular through more data protection audits, with onsite as well as desk-based audits being introduced;
4. Audits will be proactive and potentially thematic as well as reactive in response to issues identified at specific firms;
5. The fundamental elements of an audit are to check that the business is appropriately registered, that personnel have received appropriate training and that there are adequate checks and controls over systems and access. Terms of reference for an audit are agreed with the business in advance.
#dataprotection #JerseyCI
Join Information Commissioner Paul Vane for this special 'Ask the Commissioner' event for #DataProtection Week 2024. Commissioner Vane will talk through the Jersey Office of the Information Commissioner's (Jersey Data Protection Authority’s) mandate, regulatory and enforcement philosophy; highlighting JOIC’s thinking on regulating for outcomes, the range of regulatory tools available and how and when they are used. Spaces for this session are limited. Please reserve your space on our website: https://lnkd.in/eQs36eAm
-
One of the key considerations in most jurisdictions in notifying data subjects when their personal data is involved in an incident is whether or not the incident results in a high risk to the rights and freedoms of the data subjects involved. Since whether or not an incident results in high risk is a factual issue dependent on the nature, circumstances, volume, and categories of personal data involved as well as existing measures and actions taken to mitigate the risk of harm, it is important that there's proper oversight and governance on the incident process, taking into account the obligation of accountability in every step of the process.
-
MIT Alum | Engineer | Cybersecurity🛡 | Cloud | AI | ESG | Founder & IPO | TEDx | CRN Channel 🏆| CEFCYS CYBER🏆
Navigating the aftermath of a data incident involves anticipating encounters with various regulators, each with distinct procedures and criteria. Following the containment of the incident, a swift and thorough assessment is crucial to identify relevant regulators. Depending on the incident's nature, organizations may face a large multistate investigation, individual ones, or a combination. Federal agencies like the FTC, HHS, and FCC may also intervene based on their jurisdiction. Time sensitivity is paramount, as notification deadlines vary, and a prompt response helps meet stricter timelines. Tailoring an approach for state AGs, administrative agencies, and federal regulators, along with meticulous preparation and communication, is vital for a smooth exit from the regulatory maze. #DataIncident #RegulatoryCompliance #IncidentResponse #DataProtection
Navigating the complexities of regulatory data incident investigations
reuters.com
-
What are five key harmful OCA practices and how are online operators able to make effective and informed choices about the processing of their personal data? Find out more here: https://ow.ly/kJP450PCSr9 #BristowsCookieJar
-
To secure, manage and provide insights into the world's data. The largest organizations around the globe rely on us to strengthen their business resilience. 💚
When organizations experience a data incident, they will need to chart a course by which they resolve the incident while limiting their legal exposure. Here are the regulators they will likely need to deal with.
Your organization has suffered a data incident: Now here are the regulators it will likely encounter
reuters.com