A recent data leak from a community organisation has reportedly exposed the personal information of highly vulnerable domestic violence victim.
Moving On is a Rochdale-based support service that seeks to help adults with acquired disabilities and provide a safe space for them to work through their difficulties. However, a series of errors reportedly led to the personal data of a former domestic violence victim being sent to a third party and posted online.
The victims in question is understood to have been left ‘terrified’ following the incident, worrying who their personal information may have reached. Rochdale council is investigating the leak to find the cause of the error, but it has already been established that council officials were apparently responsible for sending a letter that unintentionally shared the victim’s details with a third party.
Regulations for protecting the data of domestic abuse victims
It is unacceptable that local government has failed to protect some of the most vulnerable individuals under their jurisdiction. A domestic violence victim is perhaps one of the most vulnerable individuals to be affected by a data leak.
Many domestic violence victims explicitly choose to hide their identity, opting to use their legal right to change their name. This action which is available to ensure that they never risk being exposed to their former abuser.
In 2018 the Information Commissioner’s Office, the body responsible for upholding information rights in the UK, specifically outlined how the personal data of domestic violence victims should be handled in relation to the General Data Protection Regulation (GDPR) and the Domestic Violence Disclosure Scheme. There are specific rules and regulations in place for organisations to follow when handling the data of domestic violence sufferers, in recognition of their uniquely sensitive and vulnerable situation.
In addition, a recent report has called into question the current police practice of sharing the immigration status of domestic abuse victims with the Home Office. The proposal comes after serious concerns have been raised about how this approach may make victims reluctant to report crimes they have suffered from. The government has previously rejected suggestions of implementing this policy but, if it were put in place, it could represent a landmark recognition of the importance of protecting domestic violence victims’ data.
Failing to protect the victims
Regardless of the regulations, we see time and time again that it only takes one individual slip-up to unintentionally leak private data.
The Moving On support group may have simply mixed-up personal information when writing their letters, but the outcome of such an event can be grave. It is vital that local government bodies like Rochdale council have adequate resources and systems in place to prevent such mistakes from happening, as such errors could be avoided with better systems and procedures.
This incident could also be indicative of a wider issue when it comes to data protection guidance. The council should thoroughly investigate and re-evaluate the necessary data protection practices to ensure that there are no repeats of the incident.
Protecting your right to privacy
At Your Lawyers, t/a the Data Leak Lawyers, we encounter data breach victims who have suffered the effects of having highly sensitive data exposed. We recognise how precarious the safety of domestic abuse victims can be and we believe that organisations can always do more to ensure their information is never exposed to those who have no right to see it.
If you have been the victim of a breach such as this, please do not hesitate to contact us for free, no-obligation advice here.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on January 12, 2021
Posted in the following categories: Claims Cybersecurity GDPR Government Security and tagged with compensation | cybersecurity | data breach | data controllers | data leak | gdpr | online security | personal data