The investigation, which was commissioned in March - several months before the major data breach affecting all officers and staff - identified ‘‘considerable scope for improvement.’’
Responding, South Antrim MLA Trevor Clarke said:
‘‘The outcome of this audit raises fresh concerns. The ICO found that roles in the PSNI in relation to data sharing were not clear and guidance did not contain details of those with the authority to sign off on risks. In total, 48 ‘urgent’ or ‘high priority’ recommendations are handed down.
This underlines the enormous challenge facing the senior management team going forward. Whether it be officers, staff, victims, offenders or the wider public, the PSNI needs to ensure all personal data is handled properly and lawfully.
The findings of this audit are coming to light now but the fieldwork commenced back in March. Further national guidance was also received by the PSNI in July. Therefore, there are questions facing the senior ranks of the organisation. Was the PSNI aware of concerns about its data practices well in advance of last month’s breach? When did they receive the ICO recommendations? What action was being taken? Who was overseeing this?
Given the information being handled by any police service, it is not important they are made aware of any concerns as soon as possible, but that action is taken quickly to correct them. We need to ensure there have been no undue delays at any stage in this process.
We recognise that the independent investigation by the City of London police will want to consider all the issues. However it would be a travesty, if established, that the PSNI have placed thousands of individuals at risk - and left the public purse potential bereft of hundreds of millions of pounds - after missing consecutive opportunities to get their house in order. As own goals go, that would be spectacular.’’