What has happened?
It has been confirmed that the IICSA ("The Independent Inquiry into Child Sexual Abuse") has leaked the private information of 90 people who had signed up to an "inquiry victims and survivors forum" in relation to child abuse.
The IICSA is an inquiry into a range of institutions where allegations of child abuse have been made. Some 13 investigations have been launched, which include institutions such as: Nottinghamshire Council; Lambeth Council; residential schools; and many more.
The purpose of the IICSA is to give a voice to the victims and survivors of child abuse. The IICSA was set up in 2014 after the abuse of Jimmy Savile was revealed following his death. Theresa May (the then home secretary) launched the inquiry to expose the failures of organisations and make sure valuable lessons were learned from the neglect.
Following on from the first day of the hearing, an email was sent out to individuals who had signed up to the "inquiry victims and survivors forum". Unfortunately, the member of staff who sent that email put the email addresses of all the recipients in the "CC" section of the email rather than the confidential "BCC" section. This meant that all the recipients saw each other's information, and their right to privacy has been breached.
Serious Breach of the Data Protection Act
This is a serious breach of the Data Protection Act 1998. It is a misuse of private information, and can also fall under the realms of a Human Rights Act breach.
Anyone who received the email could easily have seen the personal and private information of those who signed up to the forum, people who may well want to remain anonymous given that the forums cover extremely sensitive issues. In this digital age, information can be spread rapidly, and we understand the huge distress this may cause if your information was included in the email.
The other issue comes down to cyber security. It's so easy these days for email accounts to be hacked and breached, and it will only take one of the group's email accounts to be hacked to lead to the very real chance that the email could go beyond the recipients.
It may already have gone further...
It's important to note that, when filling out the registration form, the IICSA advises that: "Any information you provide in this form will be stored securely and not shared with any third parties". The IICSA also highlights that they are extremely safe and secure, stating on their website:
"Your private information will be treated with the highest levels of security and sensitivity."
Despite these promises, there has been a major breach of confidentiality, which has left almost 100 people exposed.
What can you do if you have been affected?
Almost 100 people have been affected by this Data Protection Breach. With it being such sensitive information regarding sexual abuse, it's extremely worrying to think that an inquiry that deals with anonymity on a regular basis has exposed so many of the victims they are supposed to be protecting.
The IICSA has referred itself to the Information Commissioner's Office (ICO), which is the UK's independent body set up to uphold information and data rights. The ICO can investigate breaches and impose decisions and fines on organisations for breaching data protection laws, but it does not compensate victims.
In any event, the information is still out there for potentially a lot of other people to see.
Ultimately, we cannot stop the spread of information. What we can do though is ensure people have the right to legal justice as a victim - and that's what we do. It's of course completely down to the individual, but anyone affected by this has a right to legal action. Although the work of the IICSA is no doubt very much appreciated by the victims, this kind of breach just simply cannot be allowed to happen.
Sadly, this isn't the first time our Data Leak Lawyers have had to help people with very similar breaches: simple errors in sending emails, when proper IT systems can be utilised to stop this kind of thing from happening. Many look at the "human error" element, but we often focus on the systemic problems. It's not hard at all to have proper IT systems in place to securely send emails rather than trying to do things manually where massive breaches can easily happen. This case is another example of this.
This incident is incredibly similar to the 56 Dean Street Clinic breach, in which we act for a large group of people.
Advice about legal action
Our team is here to help if you need us.
You may have been asked to remove the email, and if you have, this will not stop you starting any legal action. The immediate distress and upset caused by receiving the email and realising that your confidential information has been sent to other individuals is essentially the basis for any legal action.
Although you should not have been in this position in the first place, your rights are protected by law, and when confidential information is leaked, we are here to help you.
Please contact us for help if you need any advice on this issue as an affected victim.