Data breach by Norfolk and Suffolk police 'shouldn't have happened'

Norfolk's chief constable said personal details shared accidentally by police about 1,230 victims of abuse "shouldn't have happened".

The data breach involved Norfolk and Suffolk police forces which admitted personal information was included in Freedom of Information (FOI) responses due to a "technical issue".

The information included descriptions of offences including sexual and domestic assaults.

Both forces have apologised.

Speaking to the BBC on Wednesday, Norfolk's chief constable, Paul Sanford, confirmed 858 of the victims and witnesses affected related to crimes investigated by his force.

"A small percentage of the FOI requests the constabularies received last year were returned with some of the raw data still attached to the information that we sent," he said.

The information was attached to 18 responses to FOI requests from journalists for crime statistics issued by the forces between April 2021 and March 2022.

The data included personal identifiable information on victims, witnesses and suspects relating to a range of offences including sexual offences, domestic incidents, assaults, hate crime and thefts.

"It shouldn't have happened. We've made the steps to make sure it doesn't happen again in the future but we understand that a significant number of people have been affected by this," said Chief Constable Sanford.

"I'd also like to say when this data was sent out it was hidden. We've taken every step that we can, strenuous efforts, to understand whether this data has been accessed by any party that shouldn't have.

"Thus far, we've found no evidence of that."

Mr Sanford said all of the people affected were being contacted and added, "if you don't hear from us, you should have no cause for concern".

The chief constable admitted the breach might also have impacted people's trust in the police, but said: "We have learnt from this incident, we have changed our processes so that this cannot happen again."

Meanwhile, Suffolk's temporary assistant chief constable, Eamonn Bridger, said "immediate steps" were taken to react and remove the data from the public domain.

All those affected are expected to be contacted by letter, phone or in person by the end of September.

It was the second time Suffolk Police breached victims' personal details within nine months after names and addresses of victims could be seen on the force's website.

The Information Commissioner's Office (ICO) has confirmed it was investigating the matter.

Follow East of England news on Facebook, external, Instagram, external and Twitter, external. Got a story? Email eastofenglandnews@bbc.co.uk, external or WhatsApp 0800 169 1830