The number of data breaches reported by Belgian police services to their data protection office jumped to 40 last year, almost double the 25 cases reported in 2022.
The Supervisory Body for Police Information (COC) is the data protection authority for Belgium's police service, and has published the figures this week, noting that the number of reported data breaches is the highest recorded since the COC started operating in 2018.
Examples of data breaches the reports could involve include hacking, ransomware, loss of a device or paper documents, emails sent to the wrong recipient or containing attachments that should not be there, targeted phishing, unauthorised distribution of content, online disclosure of personal or non-public information, unauthorised access or compromised passwords.
The COC highlighted in its 2023 activity report that the limitations of its small office are "not tenable" given the volume and complexity of the cases it is dealing with.
The authority noted that it is the smallest supervisory authority within security and policing, with 7 to 8 full time staff last year, and is trying to keep pace with increasingly complex regulations and developments in artificial intelligence (AI) and big data, as well as its growing caseload.
Credit: Belga / Hatim Kaghat
In particular, the COC said that as it has only one full time IT specialist, it does not have sufficient capacity to thoroughly examine infringements.
The COC criticised budget cuts which saw its funding allocation shrink from €1.816 million to €1.6 million this year, noting that the original amount was already "insufficient to cover actual expenditure".
While the authority said that in general Belgium is doing very well compared to other EU countries in terms of monitoring data processed by police, current training and expertise within the police force around data protection remains "inadequate".
Citizens requesting access to data
Elsewhere in the report, the COC said that it received 549 indirect data access requests from citizens last year, a fourfold increase compared to 2018.
The average processing time for these decisions was 46 days, and more than one in five (22%) of files processed last year resulted in the total or partial archiving, rectification or erasure of police data in the National General Database (BNG).
