ICO issues fine for IICSA data breach
council email data leaks

ICO issues fine for IICSA data breach

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

The ICO has issued a fine for the IICSA data breach that took place last year. The fine amounts to £200,000.00 given the sensitive nature of the data involved in the breach.

The ICO (Information Commissioner’s Office) said last month that, “This incident placed vulnerable people at risk, which is concerning. IICSA should and could have done more to ensure this did not happen.”

The IICSA data breach was another scenario of a simple but very avoidable data breach that has ultimately led to incredibly sensitive and personal information being exposed.

What happened in the IICSA data breach?

The Independent Inquiry into Child Sexual Abuse (also known as the IICSA) was set up to investigate institutional failures in protecting children from abuse. On 27 February 2017, an employee sent an email to 90 recipients involved in the Inquiry, which included victims, lawyers and journalists. This email used the ‘Blind Carbon Copy’ function (“BCC”) to mask recipient information, but upon spotting an error in the email, a second email was sent, but the BCC function was not used, resulting in the IICSA data breach.

Unfortunately, the identities of recipients were then disclosed to one another in a breach that’s very similar to the 56 Dean Street Clinic breach we’re running an action for.

Data disclosed in the IICSA data breach

The data disclosed in the IICSA data breach was the identities of recipients participating in the inquiry. It’s understood that 52 of the email addresses contained the full names of the participants, or had the label showing their full name, and some of those recipients were victims themselves.

Victims have the right to remain confidential, but their identities have been disclosed in an entirely avoidable incident.

Damning revelations identified by the ICO investigating the IICSA data breach

The ICO investigating into the IICSA data breach uncovered some alarming failures. It’s understood that staff did not have any – or any adequate – training or guidance on the importance of ensuring an email of this nature would be sent without incident. It was also found that the Inquiry breached their own privacy notice by sharing the participants’ email addresses with an IT company without consent.

The ICO said that this case was dealt with, “under the provisions and maximum penalties of the Data Protection Act 1998.”

Compensation for victims of the IICSA data breach

Since the news of the breach came out we have been advising victims of the IICSA data breach.

Anyone who would like to speak to us confidentially about their rights for justice – on a no obligation basis – please contact the team.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon