1. ITV Report

Cleveland Police: "We have acted swiftly" after online data breach

Cleveland Police have released a statement after it emerged that personal data of over 1600 people who were 'subject to force being used' against them was published online.

The data was uploaded on the 24th of July but the force only became aware of what was actually accessible to the public on the 28th of September 2018.

They've issued advice for those who think they may be affected and say they've put steps in place to make sure this can't happen again.

On 28th September we became aware that an excel spreadsheet containing personal data had been published on the Cleveland Police website.

The Force is required to publish data on officers’ use of force, whether that is a form of restraint, handcuffing, use of Taser or irritant spray.

The excel spreadsheet, uploaded on 24th July 2018, contained two data tabs - a redacted version which would ordinarily be published and an additional tab which contained the personal information of 1661 people who were subject to force being used between 1st April 2018 and 30th June 2018.

The personal information included names, dates of birth, ethnicity, and limited health and wellbeing data, but did not include home addresses. It also showed the names, collar numbers and training details of officers and staff who had used the force on the individual person.

We have been able to see that the entire spreadsheet has been accessed on a small number of occasions during the time it was in the public domain; however as the spreadsheet shows the redacted information first, it’s likely many of these people did not click on the additional data tab at the bottom of the screen.

As soon we were made aware of the data breach, steps were taken to remove the information from public view and the breach was referred to the Information Commissioner.

An investigation by the Cleveland Police Directorate of Standards and Ethics found that the incident occurred due to human error.

Safeguards have been put in place to reduce the risk of a similar incident happening in the future.

Chief Superintendent Ciaron Irvine said: “Cleveland Police takes its responsibilities over the proper handling of personal information very seriously and I am particularly disappointed that this has happened. The public can be assured that we have acted swiftly to minimise the impact of this data breach and will ensure that we do everything we can to prevent a similar occurrence in future.”

What to do if you think you are affected:

• The data concerns people who were subject to use of force between 1st April 2018 and 30th June 2018.

• In the majority of cases use of force will be prior to or following an arrest.

• The use of force includes compliant or non-compliant handcuffing, use of dogs, drawing or use of baton, limb or body restraints, use of taser, shield, drawing or use of irritant spray, drawing or use of baton rounds, discharging of firearms, and unarmed skills (including strikes, restraints and take downs)

Cleveland Police are considering efforts to contact those affected directly, however anyone who believes they will be affected can have their concerns addressed by calling 101 citing reference number 182835

– Cleveland Police