Incidents included the loss or theft of technology used by officers, unauthorised access to systems or data, and misplaced identity cards and keys.

Figures released under freedom of information laws show the number of breaches is rising, with 476 incidents recorded in 2024/25, compared with 461 in both 2023/24 and 2022/23.

Most breaches were classified as “unauthorised disclosure”, but there were also dozens of cases involving lost or stolen technology and paper documents.

The force said it was too costly to provide figures on how many compensation claims had been made, or how much had been paid out as a result of breaches. In its response to Data Breach Claims UK, which made the request, it noted such incidents would fall under employer’s liability or public liability claims, of which it receives hundreds each year.

Lawyers warned that data breaches within the police were a “significant and growing” concern.

Bethan Simons, a solicitor at JF Law, said: “Breaches don’t always have to be complex cyberattacks, as breaches can often occur from human error. This can include misdirected emails, documents sent to the wrong address, the loss or theft of devices such as laptops or USB sticks containing sensitive information, or even the accidental publication of data.

“Internal mishandling is another cause of data breaches, such as officers accessing data without authorisation or failing to redact certain sensitive details.

“To prevent these breaches, forces must prioritise data protection measures involving comprehensive training for staff on data handling protocols, encryption of devices, and strict policies regarding the sharing and retention of data.”

A spokeswoman for Police Scotland said: “We have a range of technical, physical, procedural and behavioural controls in place to reduce the risk of data breaches occurring and we provide police officers and staff with ongoing training and guidance to support them to avoid data breaches, or where they occur, how to deal with them.

“A specialist team, led by the data protection officer, investigates all breaches and where they meet the criteria, report to the Information Commissioner’s Office and notify impacted parties and support ongoing engagement with them.

“Data breach management is overseen by the data protection officer and reported routinely to the force executive for further scrutiny of any trends or to support opportunities to adopt learning or reduce the risk of further breaches.”