On 27 Sept 2023 the ICO called on organisations to handle personal information properly to avoid putting victims of domestic abuse at the risk of further danger. The warning comes after the ICO reprimanded seven organisations in the past 14 months for data breaches affecting victims of domestic abuse. They include:

  • Four cases of organisations revealing the safe addresses of the victims to their alleged abuser. In one case a family had to be immediately moved to emergency accommodation.
  • Revealing identities of women seeking information about their partners to those partners.
  • Disclosing the home address of two adopted children to their birth father, who was in prison on three counts of raping their mother.
  • Sending an unredacted assessment report about children at risk of harm to their mother’s ex-partners.

Organisations involved include a law firm, a housing association, an NHS trust, a government department, local councils and a police service. Root causes for the breaches vary, but common themes are a lack of staff training and failing to have robust procedures in place to handle personal information safely.

Our Advice

  • Have processes in place to support those who need it
  • Regularly check contact information, double check
  • Avoid inappropriate access
  • Ensure training is thorough and relevant

Source https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/

This alert provides information and advice about data protection, and the risks associated with non compliance. If you or your organisation has fallen victim to a data protection breach, you should report it to your Local Data Protection Specialist.

For further discussion and support, including data protection awareness training services please email dpa@tiaa.co.uk