'Someone will get killed': Lives of domestic abuse victims put at risk by police and NHS data breaches

27 September 2023, 00:33

By Charlotte Lynch

@charlotterlynch

Domestic abuse victims' lives have been put at risk by some police forces, NHS Trusts, and a government department, who've mistakenly shared their details with perpetrators, it has been claimed.

The data watchdog says breaches have been made by at least seven organisations, which also include local councils and law firms, in the last 14 months.

The Information Commissioner has highlighted alarming "slips" by the services which are supposed to offer "care and protection" to victims, including four cases where the safe addresses of the victims were given to their alleged abuser. In one case a family had to be immediately moved to emergency accommodation.

In another shocking breach, the home address of two adopted children were disclosed to their birth father, who was in prison on three counts of raping their mother.

Others were found to have revealed the identities of women who were seeking information about their abusive partners, to the alleged perpetrators themselves. An unredacted assessment report about children at risk of harm was also sent to their mother’s ex-partner.

Read more: 'Very strong possibility' Russia linked to 'shocking' rise in security breaches at Britain's nuclear submarine base

John Edwards, the UK Information Commissioner, told LBC he fears "someone is going to get killed" if organisations don't start taking the breaches seriously.

He described the mistakes as "silly slips" by organisations "who have no excuse", as he urged them to better train staff to ensure victims aren't put at further risk.

The specific services have not been named, but include a law firm, a housing association, an NHS trust, a government department, local councils and a police service.

Edwards told LBC the breaches were "heart-breaking" and "disappointing because it needn't happen."

He said: "In most of these situations you have someone who has been in a very vulnerable position, she has summoned the courage and the strength to seek help and to change the situation, usually for children as well, and then is let down by the very organisation that should be protecting her."

He also issued a warning that the seven organisations which have been reprimanded by his department in the last 14 months is "just the tip of the iceberg."

Edwards has called on organisations to handle personal information properly to avoid putting victims of domestic abuse at the risk of further danger, saying they "should be doing everything necessary to protect the personal information in their care.

Read more: Man, 50, charged under the Terrorism Act for possessing documents linked to Northern Ireland police data breach

"The reprimands issued in the past year make clear that mistakes were made and that organisations must resolve the issues that lead to these breaches in the first place.

"Getting the basics right is simple – thorough training, double checking records and contact details, restricting access to information - all these things reduce the risk of even greater harm.

"Protecting the information rights of victims of domestic abuse is a priority area for my office, and we will be providing further support and advice to help keep people safe."

Root causes for the breaches vary, but common themes are a lack of staff training and failing to have robust procedures in place to handle personal information safely.

The Information Commissioner's Office is urging departments to ensure their training is thorough and relevant, and says many breaches can be prevented by simple measures, like ensuring staff always double check before any personal information is transferred, altered or disclosed.