The Independent Inquiry into Child Sexual Abuse (IICSA) Data Breach
"Serious email error leads to identities of child sex abuse victims leaked."
What has happened?
It has been confirmed that the IICSA ("The Independent Inquiry into Child Sexual Abuse") has leaked the private information of 90 people who had signed up to an "inquiry victims and survivors forum" in relation to child abuse.
The IICSA is an inquiry into a range of institutions where allegations of child abuse have been made. Some 13 investigations have been launched, which include institutions such as: Nottinghamshire Council; Lambeth Council; residential schools; and many more.
The purpose of the IICSA is to give a voice to the victims and survivors of child abuse. The IICSA was set up in 2014 after the abuse of Jimmy Saville was revealed following his death. Theresa May (the then home secretary) launched the inquiry to expose the failures of organisations and make sure valuable lessons were learned from the neglect.
Following on from the first day of the hearing, an email was sent out to individuals who had signed up to the "inquiry victims and survivors forum". Unfortunately, the member of staff who sent that email put the email addresses of all the recipients in the "CC" section of the email rather than the confidential "BCC" section. This meant that all the recipients saw each other's information, and their rights to privacy has been breached.
Serious Breach of the Data Protection Act
This is a serious breach of the Data Protection Act 1998. It is a misuse of private information, and can also fall under the realms of a Human Rights Act breach too.
Anyone who received the email could have easily seen the personal and private information of those who signed up to the forum, where people could potentially want to remain anonymous given that the forums cover extremely sensitive issues. In this digital age, information can be spread rapidly, and we understand the huge distress this may cause if your information was included in the email.
The other issue comes down to cyber security. It's so easy these days for email accounts to be hacked and breached, and it will only take one of the group's email accounts to be hacked to lead to the very real chance that the email could go beyond the recipients.
It may already have gone further...
It's important to note that, when filling out the registration form, the IICSA advises that: "Any information you provide in this form will be stored securely and not shared with any third parties". The IICSA also highlights that they are extremely safe and secure, stating on their website:
"Your private information will be treated with the highest levels of security and sensitivity."
Despite these promises, there has been a major breach of confidentiality and had left almost 100 people exposed.
What can you do if you have been affected?
Almost 100 people have been affected by this Data Protection Breach. With it being such sensitive information regarding sexual abuse, it's extremely worrying to think that an inquiry that deals with anonymity on a regular basis has exposed so many of the victims they are supposed to be protecting.
The IICSA has referred themselves to the Information Commissioners Office (ICO), who are the UK's independent body set up to uphold information and data rights. They can investigate breaches and impose decisions and fines on organisations for breaching data protection laws, but they do no compensate victims.
In any event, the information is still out there for potentially a lot of other people to see.
Ultimately, we cannot stop the spread of information. What we can do though is ensure people have the right to legal justice as a victim - and that's what we do. It's of course completely down to the individual, but anyone affected by this has a right to legal action. Although the work of the IICSA is no doubt very much appreciated by the victims, this kind of breach just simply cannot be allowed to happen.
Sadly, this isn't the first time our Data Leak Lawyers have had to help people for very similar breaches - simple errors sending emails when proper IT systems can be utilised to stop this kind of thing from happening. Many look at the "human error" element, but we often focus on the systemic problems. It's not hard at all to have proper IT systems in place to securely send emails rather than trying to do things manually where massive breaches can easily happen. This case is another example of this.
This incident is incredibly similar to the 56 Dean Street Clinic breach that we act for a large group of people for.
Advice about legal action
Our team is here to help if you need us.
You may have been asked to remove the email, and if you have, this will not stop you starting any legal action. The immediate distress and upset caused from receiving the email and realising that your confidential information has been sent to other individuals is essentially the basis for any legal action.
Although you should not have been in this position in the first place, your rights are protected by law, and when confidential information is leaked, we are here to help you.
Please contact us for help if you need any advice on this issue as an affected victim.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us. All fields marked with a * are required.
Latest Blogs from The Data Leak Lawyers
If Equifax thought that news coverage of their huge data protection breach from last year was going away, they're wrong. W...Mar 23, 2018
We have already been contacted by people affected by the Trusted Quid data protection breach, and our Data Leak Lawyers have ...Mar 22, 2018
According to information from a report by privacy advocates Big Brother Watch, despite assurances that local government autho...Mar 21, 2018
Back in 2016, the cybersecurity of Tesco Bank was rigorously questioned, when hackers were able to gain access to 9,000 custo...Mar 20, 2018
A recent study concluded that, in January, almost 40% of data protection breaches in a particular healthcare sector were caus...Mar 19, 2018
Leicester City Council accidentally sent an unsecured spreadsheet to 27 taxi firms that reportedly contained sensitive detail...Mar 16, 2018
Back in 2015, hackers were able to easily access the databases of Carphone Warehouse who had reportedly failed to fix known f...Mar 15, 2018