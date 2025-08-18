Sign up to our daily newsletter – Regular news stories and round-ups from around Scotland direct to your inbox Sign up Thank you for signing up! Did you know with a Digital Subscription to The Scotsman, you can get unlimited access to the website including our premium content, as well as benefiting from fewer ads, loyalty rewards and much more. Learn More Sorry, there seem to be some issues. Please try again later. Submitting...

Scotland’s national police force has been urged to improve how it handles data, with newly released figures showing that it suffered nearly 1,400 breaches over the past three years.

A catalogue of incidents at Police Scotland include the loss or theft of technology used by officers, unauthorised access to its systems or data, and misplaced identity cards and keys.

The number of data breaches is on the rise according to data released following a freedom of information request, with 476 incidents recorded in 2024/25. That is up from 461 incidents in 2023/24, with the same number reported in 2022/23.

The vast majority of the incidents are classed as “unauthorised disclosure,” but over the three year period, there were also dozens of episodes where data breaches occurred involving lost or stolen tech and paper documents.

Some 476 data breaches took place at Police Scotland in 2024/25, up from the previous year. Picture: John Devlin

The force said it would be too expensive to disclose how many compensation claims had been brought against it for data breaches, or how much it had paid out in compensation. In its response to the freedom of information request from Data Breach Claims UK, it noted that such incidents would be classed as an employer’s liability, or public liability claim, hundreds of which are received each year.

Legal figures warned that data breaches within the police service were a “significant and growing” concern.

Bethan Simons, a solicitor at JF Law, said: “Breaches don’t always have to be complex cyberattacks, as breaches can often occur from human error. This can include misdirected emails, documents sent to the wrong address, the loss or theft of devices such as laptops or USB sticks containing sensitive information, or even the accidental publication of data..

“Internal mishandling is another cause of data breaches, such as officers accessing data without authorisation or failing to redact certain sensitive details.

“To prevent these breaches, forces must prioritise data protection measures involving comprehensive training for staff on data handling protocols, encryption of devices, and strict policies regarding the sharing and retention of data.”

Legal experts stressed the need for robust training around data breaches. | PA

A spokeswoman for Police Scotland said it had processes in place to identify, record, investigate and remediate data breaches in line with its statutory obligations.

She said: “We have a range of technical, physical, procedural and behavioural controls in place to reduce the risk of data breaches occurring and we provide police officers and staff with ongoing training and guidance to support them to avoid data breaches, or where they occur, how to deal with them.

“A specialist team, led by the data protection officer, investigates all breaches and where they meet the criteria, report to the Information Commissioner’s Office and notify impacted parties and support ongoing engagement with them.

“Data breach management is overseen by the data protection officer and reported routinely to the force executive for further scrutiny of any trends or to support opportunities to adopt learning or reduce the risk of further breaches.”

She added: “Any identification of malicious activity resulting in a data breach is separately investigated by the force’s professional standards department for potential misconduct.

