Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
The ICO has issued a fine for the IICSA data breach that took place last year. The fine amounts to £200,000.00 given the sensitive nature of the data involved in the breach.
The ICO (Information Commissioner’s Office) said last month that, “This incident placed vulnerable people at risk, which is concerning. IICSA should and could have done more to ensure this did not happen.”
The IICSA data breach was another scenario of a simple but very avoidable data breach that has ultimately led to incredibly sensitive and personal information being exposed.
The Independent Inquiry into Child Sexual Abuse (also known as the IICSA) was set up to investigate institutional failures in protecting children from abuse. On 27 February 2017, an employee sent an email to 90 recipients involved in the Inquiry, which included victims, lawyers and journalists. This email used the ‘Blind Carbon Copy’ function (“BCC”) to mask recipient information, but upon spotting an error in the email, a second email was sent, but the BCC function was not used, resulting in the IICSA data breach.
Unfortunately, the identities of recipients were then disclosed to one another in a breach that’s very similar to the 56 Dean Street Clinic breach we’re running an action for.
The data disclosed in the IICSA data breach was the identities of recipients participating in the inquiry. It’s understood that 52 of the email addresses contained the full names of the participants, or had the label showing their full name, and some of those recipients were victims themselves.
Victims have the right to remain confidential, but their identities have been disclosed in an entirely avoidable incident.
The ICO investigating into the IICSA data breach uncovered some alarming failures. It’s understood that staff did not have any – or any adequate – training or guidance on the importance of ensuring an email of this nature would be sent without incident. It was also found that the Inquiry breached their own privacy notice by sharing the participants’ email addresses with an IT company without consent.
The ICO said that this case was dealt with, “under the provisions and maximum penalties of the Data Protection Act 1998.”
Since the news of the breach came out we have been advising victims of the IICSA data breach.
Anyone who would like to speak to us confidentially about their rights for justice – on a no obligation basis – please contact the team.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020