PSNI reprimanded over unlawful data sharing

The Police Service of Northern Ireland (PSNI) has been reprimanded for unlawfully sharing personal data on 174 people with a law enforcement agency in the United States.

It follows an investigation by the UK data watchdog, the Information Commissioner's Office (ICO).

The ICO said multiple infringements of the Data Protection Act occurred between 2018 and late 2020.

The PSNI discovered the issue in 2021 and apologised to those involved.

It admitted the information influenced decisions whether to let people visit the US.

The data was shared between the PSNI's extradition unit and the US Department of Homeland Security (DHS).

It included details of criminal convictions and biometric data.

The individuals who were impacted are believed to include republicans and loyalists.

The ICO said a culture had developed where data sharing was done outside agreed procedures and there "was a lack of effective managerial oversight".

It added: "Staff were proactively sharing personal data to disrupt travel arrangements and that sharing was not necessary for law enforcement purposes.

"The transfer of data was not for any specified special circumstances.

"Therefore, the investigation found the transfer of personal data to be unlawful."

The ICO noted the PSNI has since put in place "stricter controls".

When it first became aware of the issue, the PSNI alerted the Police Ombudsman who, it said, found no wrongdoing by any employee.

Instead, process failures were identified.

Responding to the ICO's reprimand, which does not include any fine, Ch Supt Sam Donaldson said: "At the time, we apologised and I want to repeat that apology.

"The ICO made a number of recommendations.

"I want to reassure the public that significant steps have already been taken and that each of these recommendations has already been implemented to prevent any reoccurrence of this breach.

"These steps have been acknowledged and welcomed by the Information Commissioner's Office."