Reading:
Gloucestershire police data breach fine
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
The 2016 Gloucestershire police data breach has led to a fine imposed by the Information Commissioner’s Office (ICO) in the sum of £80,000.00.
The incident that took place on 19 December 2016 involved a Gloucestershire police offer sending an update to 56 individuals in respect of allegations of abuse. The officer inadvertently placed the email addresses of the recipients into the “To” field instead of the “BCC” field, resulting in the identities of the recipients being revealed to one another.
The email itself is thought to have revealed information about schools and other organisations being investigated as part of the allegations.
The Gloucestershire police data breach was a serious incident. The email revealed the identities of the recipients to one another, and the recipients included alleged victims, lawyers and journalists. With some of the victims having been granted lifelong anonymity, their identities have been revealed as a result of this breach that was an entirely preventable incident.
Had the BCC (Blind Carbon Copy) function been used, the identities of the 56 recipients would have been hidden.
Given the lifelong anonymity of the victims involved, and the information about organisations being investigated, the impact of the Gloucestershire police data breach is huge.
It’s understood that there were 56 recipients of the email, with all but one of the emails successfully delivered, and just three successfully recalled by the police when they realised the error they had made. This means that at least 52 of the recipients received the breach email.
Steve Eckersley at the ICO had this to say:
“This was a serious breach of the data protection laws and one which was likely to cause substantial distress to vulnerable victims of abuse, many of whom were also legally entitled to lifelong anonymity.
The risks relating to the sending of bulk emails are long established and well known, so there was no excuse for the force to break the law – especially when such sensitive and confidential information was involved.”
The Gloucestershire police data breach was, in reality, not an isolated incident. This is not the first time that someone has accidentally sent a breach email by neglecting to use the BCC function.
The 56 Dean Street data breach we’re dealing with is a prominent example of this.
Given that the breach took place at the end of 2016, Gloucestershire police have avoided a GDPR fine, but they have received a significant fine of £80,000.00 as a result of the breach.
Victims of police data breaches can be entitled to claim for data breach compensation.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
