Bristol City Council email data breach reveals disabled children’s names
Hundreds of families with disabled children have had their identities shared without their consent following an error by Bristol City Council.
Bristol City Council emailed the primary carers of hundreds of disabled children asking for their views on a new support service. Due to an error in the way the email was sent, the names of all of the children and their primary carers email addresses were visible to everyone who received the email.
When sending the same email to multiple recipients, the correct approach is to ‘blind carbon copy’ or ‘Bcc’ the various recipients. This means that the email addresses of the other recipients will be hidden, with each person who receives the email only able to see their own email address.
It appears that, in this case, whoever sent the email, used the standard ‘carbon copy’ or ‘cc’ function instead. As a result, every recipient could see every other recipient’s email address and the name of the disabled child for whom that recipient was the primary carer.
Ann James, the Bristol City Council director responsible for children and families has apologised to everyone who received the email and asked them to delete it.
In a letter sent to those affected, reported in The Bristol Post, Ms James confirmed that this error was a breach of GDPR. She said: "This means that personal information was shared this morning, which should not have been."
"We did not use 'blind carbon copy' when sending an email to you this morning, and as a result your child's name and your email address could be viewed by everyone who received the email."
"The breach was caused by human error and I apologise unreservedly for any distress that this may have caused you or your family.”
Ms James confirmed that the matter had been referred to the Information Commissioner's Office (ICO), which will be investigating and making recommendations.
A spokesperson for Bristol City Council said: “Where staff have made a mistake the matter is addressed as a training issue, and where there have been failures in policy or process any necessary changes are made to reduce the risk of a similar incident occurring in the future.”
Wondering if you may be entitled to compensation for the Bristol City Council email data breach? Please get in touch.
What to do if you are worried about the Bristol City Council data breach?
If your family has been affected by the Bristol City Council email data breach, you should have been contacted already. If you believe your child’s name and/or your email address were exposed and you have not been contacted, you should contact the council directly to confirm whether you are affected and what steps they will be taking.
While the scope of this data breach is relatively contained, with the email apparently only having been sent to primary carers of the disabled children in question, it is still possible the data in question could fall into the hands of people who might use it for fraudulent purposes.
It is therefore important to be wary of any emails, phone calls or other communications you receive, especially from people claiming to represent Bristol City Council. These could be ‘phishing’ attacks aimed at extracting more personal information from you or scams intended to get you to transfer money to the scammers.
Never share any personal information with, or make any payment to, anyone who contacts you unless you are absolutely sure that they are legitimate and there is a valid reason to do so.
There are also various steps you can take to minimise the risk of your data being used by cybercriminals. Take a look at our guide to what to do if your data has been stolen in a data breach to find out more.
It is also worth considering whether you may be entitled to compensation as a result of the Bristol City Council email data breach. This is something the team at Hayes Connor will be happy to discuss with you.
How Hayes Connor can help you?
When an organisation, such as a local council, holds data about you or your children, it has a legal duty to protect that data. Part of that legal duty involves having in place clear processes for an organisation’s staff to prevent issues such as the accidental sharing of private information.
Hayes Connor has one of the largest teams of data breach claims specialists in the country, with a wealth of experience. If you are a victim of the Bristol City Council email data breach, we can advise you on whether you are likely to have grounds for a claim, the level of compensation you may be entitled to and what you need to do to start a claim.
Our goal is to ensure that anyone who is affected by a data breach is able to get the compensation they deserve, while making the claims process as simple and stress-free as possible.
Compensation may be recoverable even where there is no proof of harm caused. However, the emotional distress experienced by families due to the sensitive nature of the situation means that more substantial damages may be available.
You can find out more about our expertise and how we handle data breach claims here.
To start a claim, you can use our online claim form.
To speak to a member of our team, please do not hesitate to give us a call on 0330 041 5135.