What has happened?
It has been confirmed that the IICSA ("The Independent Inquiry into Child Sexual Abuse") has leaked the private information of 90 people who had signed up to an "inquiry victims and survivors forum" in relation to child abuse.
The IICSA is an inquiry into a range of institutions where allegations of child abuse have been made. Some 13 investigations have been launched, which include institutions such as: Nottinghamshire Council; Lambeth Council; residential schools; and many more.
The purpose of the IICSA is to give a voice to the victims and survivors of child abuse. The IICSA was set up in 2014 after the abuse of Jimmy Saville was revealed following his death. Theresa May (the then home secretary) launched the inquiry to expose the failures of organisations and make sure valuable lessons were learned from the neglect.
Following on from the first day of the hearing, an email was sent out to individuals who had signed up to the "inquiry victims and survivors forum". Unfortunately, the member of staff who sent that email put the email addresses of all the recipients in the "CC" section of the email rather than the confidential "BCC" section. This meant that all the recipients saw each other's information, and their rights to privacy has been breached.
Serious Breach of the Data Protection Act
This is a serious breach of the Data Protection Act 1998. It is a misuse of private information, and can also fall under the realms of a Human Rights Act breach too.
Anyone who received the email could have easily seen the personal and private information of those who signed up to the forum, where people could potentially want to remain anonymous given that the forums cover extremely sensitive issues. In this digital age, information can be spread rapidly, and we understand the huge distress this may cause if your information was included in the email.
The other issue comes down to cyber security. It's so easy these days for email accounts to be hacked and breached, and it will only take one of the group's email accounts to be hacked to lead to the very real chance that the email could go beyond the recipients.
It may already have gone further...
It's important to note that, when filling out the registration form, the IICSA advises that: "Any information you provide in this form will be stored securely and not shared with any third parties". The IICSA also highlights that they are extremely safe and secure, stating on their website:
"Your private information will be treated with the highest levels of security and sensitivity."
Despite these promises, there has been a major breach of confidentiality and had left almost 100 people exposed.
What can you do if you have been affected?
Almost 100 people have been affected by this Data Protection Breach. With it being such sensitive information regarding sexual abuse, it's extremely worrying to think that an inquiry that deals with anonymity on a regular basis has exposed so many of the victims they are supposed to be protecting.
The IICSA has referred themselves to the Information Commissioners Office (ICO), who are the UK's independent body set up to uphold information and data rights. They can investigate breaches and impose decisions and fines on organisations for breaching data protection laws, but they do no compensate victims.
In any event, the information is still out there for potentially a lot of other people to see.
Ultimately, we cannot stop the spread of information. What we can do though is ensure people have the right to legal justice as a victim - and that's what we do. It's of course completely down to the individual, but anyone affected by this has a right to legal action. Although the work of the IICSA is no doubt very much appreciated by the victims, this kind of breach just simply cannot be allowed to happen.
Sadly, this isn't the first time our Data Leak Lawyers have had to help people for very similar breaches - simple errors sending emails when proper IT systems can be utilised to stop this kind of thing from happening. Many look at the "human error" element, but we often focus on the systemic problems. It's not hard at all to have proper IT systems in place to securely send emails rather than trying to do things manually where massive breaches can easily happen. This case is another example of this.
This incident is incredibly similar to the 56 Dean Street Clinic breach that we act for a large group of people for.
Advice about legal action
Our team is here to help if you need us.
You may have been asked to remove the email, and if you have, this will not stop you starting any legal action. The immediate distress and upset caused from receiving the email and realising that your confidential information has been sent to other individuals is essentially the basis for any legal action.
Although you should not have been in this position in the first place, your rights are protected by law, and when confidential information is leaked, we are here to help you.
Please contact us for help if you need any advice on this issue as an affected victim.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with a * are required.
Latest Blogs from The Data Leak Lawyers
Following a breach of Guntrader.uk, a website that leads in buying and selling of guns in the UK, it is understood that thous...Aug 04, 2021
According to recent data analysis by Redscan, Trusts have begun to deal with and address NHS cyber-skills shortages in the pa...Aug 03, 2021
A former Wiltshire Council social worker has reportedly been taken to court over a "serious breach of trust", having been fou...Aug 02, 2021
It has recently been confirmed that a former Hampshire police officer has been reportedly banned from ever entering the polic...Jul 30, 2021
In many cases, data protection breaches arise as a result of human error. A CybSafe analysis of data breaches reported to the...Jul 28, 2021
A recent postbox theft at a GP surgery in Norwich has demonstrated the sometimes unexpected forms that data crime can come in...Jul 27, 2021
In February last year, it was revealed that Redcar and Cleveland Council had fallen prey to a cyber-attack, bringing many of ...Jul 26, 2021