Child Sexual Abuse (IICSA) Data Breach

Serious email error leads to identities of child sex abuse victims leaked.

The Data Leak Lawyers have vowed to fight for the rights of victims of data leaks, data hacks, and breaches of people's privacy and confidentiality.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

What Has Happened?

It has been confirmed that the IICSA ("The Independent Inquiry into Child Sexual Abuse") has leaked the private information of 90 people who had signed up to an "inquiry victims and survivors forum" in relation to child abuse.

The IICSA is an inquiry into a range of institutions where allegations of child abuse have been made. Some 13 investigations have been launched, which include institutions such as: Nottinghamshire Council; Lambeth Council; residential schools; and many more.

The purpose of the IICSA is to give a voice to the victims and survivors of child abuse. The IICSA was set up in 2014 after the abuse of Jimmy Saville was revealed following his death. Theresa May (the then home secretary) launched the inquiry to expose the failures of organisations and make sure valuable lessons were learned from the neglect.

Following on from the first day of the hearing, an email was sent out to individuals who had signed up to the "inquiry victims and survivors forum". Unfortunately, the member of staff who sent that email put the email addresses of all the recipients in the "CC" section of the email rather than the confidential "BCC" section. This meant that all the recipients saw each other's information, and their rights to privacy has been breached.

Serious Breach Of The Data Protection Act

This is a serious breach of the Data Protection Act 1998. It is a misuse of private information, and can also fall under the realms of a Human Rights Act breach too.

Anyone who received the email could have easily seen the personal and private information of those who signed up to the forum, where people could potentially want to remain anonymous given that the forums cover extremely sensitive issues. In this digital age, information can be spread rapidly, and we understand the huge distress this may cause if your information was included in the email.

The other issue comes down to cyber security. It's so easy these days for email accounts to be hacked and breached, and it will only take one of the group's email accounts to be hacked to lead to the very real chance that the email could go beyond the recipients.

It may already have gone further...

It's important to note that, when filling out the registration form, the IICSA advises that: "Any information you provide in this form will be stored securely and not shared with any third parties". The IICSA also highlights that they are extremely safe and secure, stating on their website:

"Your private information will be treated with the highest levels of security and sensitivity."

Despite these promises, there has been a major breach of confidentiality and had left almost 100 people exposed.

What Can You Do If You Have Been Affected?

Almost 100 people have been affected by this Data Protection Breach. With it being such sensitive information regarding sexual abuse, it's extremely worrying to think that an inquiry that deals with anonymity on a regular basis has exposed so many of the victims they are supposed to be protecting.

The IICSA has referred themselves to the Information Commissioners Office (ICO), who are the UK's independent body set up to uphold information and data rights. They can investigate breaches and impose decisions and fines on organisations for breaching data protection laws, but they do no compensate victims.

In any event, the information is still out there for potentially a lot of other people to see.

Ultimately, we cannot stop the spread of information. What we can do though is ensure people have the right to legal justice as a victim - and that's what we do. It's of course completely down to the individual, but anyone affected by this has a right to legal action. Although the work of the IICSA is no doubt very much appreciated by the victims, this kind of breach just simply cannot be allowed to happen.

Sadly, this isn't the first time our Data Leak Lawyers have had to help people for very similar breaches - simple errors sending emails when proper IT systems can be utilised to stop this kind of thing from happening. Many look at the "human error" element, but we often focus on the systemic problems. It's not hard at all to have proper IT systems in place to securely send emails rather than trying to do things manually where massive breaches can easily happen. This case is another example of this.

This incident is incredibly similar to the 56 Dean Street Clinic breach that we act for a large group of people for.

Advice About Legal Action

Our team is here to help if you need us.

You may have been asked to remove the email, and if you have, this will not stop you starting any legal action. The immediate distress and upset caused from receiving the email and realising that your confidential information has been sent to other individuals is essentially the basis for any legal action.

Although you should not have been in this position in the first place, your rights are protected by law, and when confidential information is leaked, we are here to help you.

Please contact us for help if you need any advice on this issue as an affected victim.

Our Services

Our lawyers and legal team are dedicated to helping the victims of data leaks, data hacks and breaches of confidentiality. It's what we do.

No Win No Fee
No Win, No Fee

You could be eligible to claim now with our Genuine No Win, No Fee legal representation

Find out More
Current Claims
Quick & Easy Start

It is quick and easy to get your claim started now. Register a callback and speak to the team for free advice here.

Start My Claim
Compensation Amounts
Compensation Amounts

As of 2022, we have recovered over £1m in data breach damages with average an pay-out of over £6,000 in compensation

Discover More

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon