On 8 September 2023, the Information Commissioner’s Office (ICO) published the results of a data protection audit of the Police Service of Northern Ireland (PSNI). The audit found that the PSNI had limited levels of data protection compliance in the area of investigation, including governance, accountability and data sharing practices.
Specifically, the audit report recommended that the PSNI take the following actions to improve data protection practices:
- carry out comprehensive data mapping for all information assets and processing activities;
- ensure that instructions and templates for impact assessments (DPIAs) include information on who has the authority to accept specific risks;
- introduce a comprehensive information governance training programme for staff;
- carrying out a review of data sharing to identify all routine personal data sharing activities and ensuring appropriate information sharing agreements are in place.
The ICO will monitor the PSNI’s activities to ensure that the ICO’s recommendations have been implemented and that the weaknesses identified in the report have been addressed. The ICO noted that it is investigating the PSNI data breaches that occurred after the audit.