Warning comes after the Information Commissioner’s Office (ICO) reprimands seven organisations in the past 14 months for data breaches affecting victims of domestic abuse, including South Wales Police.
The UK information watchdog has today called on organisations to handle personal information properly to avoid putting victims of domestic abuse at the risk of further danger.
Data breaches subject to ICO reprimands include:
“Four cases of organisations revealing the safe addresses of the victims to their alleged abuser. In one case a family had to be immediately moved to emergency accommodation;
“Revealing identities of women seeking information about their partners to those partners;
“Disclosing the home address of two adopted children to their birth father, who was in prison on three counts of raping their mother;
“Sending an unredacted assessment report about children at risk of harm to their mother’s ex-partners.”
“A data breach can be a matter of life or death”
Nicole Jacobs, the Domestic Abuse Commissioner for England and Wales said: “It takes a huge amount of bravery for victims and survivors of domestic abuse to come forward, and many go to extreme lengths to protect themselves from the perpetrator. To then be exposed to further harm due to poor data handling is a serious setback.
“That seven organisations have breached victims’ data in the past two years, with some sharing their address with the perpetrator, is extremely dangerous. For victims of domestic abuse, a data breach can be a matter of life or death.”
Organisations committing the errors were Bolton at Home, Jackson Quinn solicitors, South Wales Police, Wakefield Council, the Department for Work and Pensions, University Hospitals Dorset NHS Foundation Trust, and Nottinghamshire County Council.
Lack of staff training and robust procedures
Root causes for the breaches varied according to the ICO report, but common themes were a lack of staff training and failing to have robust procedures in place to handle personal information safely.
John Edwards, UK Information Commissioner, said: “These families reached out for help to escape unimaginable violence, to protect them from harm and to seek support to move forward from dangerous situations. But the very people that they trusted to help, exposed them to further risk.
“This is a pattern that must stop. Organisations should be doing everything necessary to protect the personal information in their care. The reprimands issued in the past year make clear that mistakes were made and that organisations must resolve the issues that lead to these breaches in the first place.
“Getting the basics right is simple – thorough training, double checking records and contact details, restricting access to information – all these things reduce the risk of even greater harm.
“Protecting the information rights of victims of domestic abuse is a priority area for my office, and we will be providing further support and advice to help keep people safe.”
“There is no room for basic mistakes”
ICO also issued advice and guidance to help organisations handle people’s information appropriately.
“Have processes in place to support those who need it;
“Regularly check contact information;
“Avoid inappropriate access;
“Always double check;
“Ensure training is thorough and relevant.”
Nicole Jacobs, the Domestic Abuse Commissioner for England and Wales said: “I wholeheartedly support the information commissioner’s calls on organisations to handle the information of victims of domestic abuse safely.
“There is no room for basic mistakes – all organisations that handle victims’ data must implement proper training, robust processes, and regular checking.
“I welcome that the Information Commissioner has made the information of victims and survivors of domestic abuse a priority, and look forward to working together to keep all victims safe.”