What has happened?
It has been confirmed that the IICSA ("The Independent Inquiry into Child Sexual Abuse") has leaked the private information of 90 people who had signed up to an "inquiry victims and survivors forum" in relation to child abuse.
The IICSA is an inquiry into a range of institutions where allegations of child abuse have been made. Some 13 investigations have been launched, which include institutions such as: Nottinghamshire Council; Lambeth Council; residential schools; and many more.
The purpose of the IICSA is to give a voice to the victims and survivors of child abuse. The IICSA was set up in 2014 after the abuse of Jimmy Saville was revealed following his death. Theresa May (the then home secretary) launched the inquiry to expose the failures of organisations and make sure valuable lessons were learned from the neglect.
Following on from the first day of the hearing, an email was sent out to individuals who had signed up to the "inquiry victims and survivors forum". Unfortunately, the member of staff who sent that email put the email addresses of all the recipients in the "CC" section of the email rather than the confidential "BCC" section. This meant that all the recipients saw each other's information, and their rights to privacy has been breached.
Serious Breach of the Data Protection Act
This is a serious breach of the Data Protection Act 1998. It is a misuse of private information, and can also fall under the realms of a Human Rights Act breach too.
Anyone who received the email could have easily seen the personal and private information of those who signed up to the forum, where people could potentially want to remain anonymous given that the forums cover extremely sensitive issues. In this digital age, information can be spread rapidly, and we understand the huge distress this may cause if your information was included in the email.
The other issue comes down to cyber security. It's so easy these days for email accounts to be hacked and breached, and it will only take one of the group's email accounts to be hacked to lead to the very real chance that the email could go beyond the recipients.
It may already have gone further...
It's important to note that, when filling out the registration form, the IICSA advises that: "Any information you provide in this form will be stored securely and not shared with any third parties". The IICSA also highlights that they are extremely safe and secure, stating on their website:
"Your private information will be treated with the highest levels of security and sensitivity."
Despite these promises, there has been a major breach of confidentiality and had left almost 100 people exposed.
What can you do if you have been affected?
Almost 100 people have been affected by this Data Protection Breach. With it being such sensitive information regarding sexual abuse, it's extremely worrying to think that an inquiry that deals with anonymity on a regular basis has exposed so many of the victims they are supposed to be protecting.
The IICSA has referred themselves to the Information Commissioners Office (ICO), who are the UK's independent body set up to uphold information and data rights. They can investigate breaches and impose decisions and fines on organisations for breaching data protection laws, but they do no compensate victims.
In any event, the information is still out there for potentially a lot of other people to see.
Ultimately, we cannot stop the spread of information. What we can do though is ensure people have the right to legal justice as a victim - and that's what we do. It's of course completely down to the individual, but anyone affected by this has a right to legal action. Although the work of the IICSA is no doubt very much appreciated by the victims, this kind of breach just simply cannot be allowed to happen.
Sadly, this isn't the first time our Data Leak Lawyers have had to help people for very similar breaches - simple errors sending emails when proper IT systems can be utilised to stop this kind of thing from happening. Many look at the "human error" element, but we often focus on the systemic problems. It's not hard at all to have proper IT systems in place to securely send emails rather than trying to do things manually where massive breaches can easily happen. This case is another example of this.
This incident is incredibly similar to the 56 Dean Street Clinic breach that we act for a large group of people for.
Advice about legal action
Our team is here to help if you need us.
You may have been asked to remove the email, and if you have, this will not stop you starting any legal action. The immediate distress and upset caused from receiving the email and realising that your confidential information has been sent to other individuals is essentially the basis for any legal action.
Although you should not have been in this position in the first place, your rights are protected by law, and when confidential information is leaked, we are here to help you.
Please contact us for help if you need any advice on this issue as an affected victim.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with a * are required.
Latest Blogs from The Data Leak Lawyers
Our specialist data breach solicitors are working on a No Win, No Fee basis for thousands of clients whose information has be...Oct 28, 2020
There are many reasons as to why hackers target medical records. This is why it's so important for organisations to protect p...Oct 27, 2020
We are Your Lawyers, T/A the Data Leak Lawyers. We specialise in data breach class actions and individual cases, and we repre...Oct 26, 2020
The British Airways ICO fine has been reduced from the proposed £183m initial intention to fine amount to just £20m; represen...Oct 23, 2020
Last week, the Your Lawyers Virgin Media Data Breach Group Action was launched. The action is in support of the 900,000 peopl...Oct 21, 2020
This October marks the 8th year of the European Cybersecurity Month (ECSM), and it is an important thing to mark as a leading...Oct 19, 2020
Your Lawyers (t/a The Data Leak Lawyers) has launched a formal Virgin Media Group Action in support of the 900,000 victims af...Oct 15, 2020