Can you make a data breach claim against Gloucestershire Police?
Following a worrying data breach scandal, Glouceste
rshire Police has been fined £80,000 for sending a bulk email that identified victims of historical child abuse.
Commenting on the breach, Steve Eckersley, Head of Enforcement at the Information Commissioner's Office (ICO) said: "This was a serious breach of the data protection laws and one which was likely to cause substantial distress to vulnerable victims of abuse, many of whom were also legally entitled to lifelong anonymity".
As such, those affected should now be looking to claim compensation.
What happened in this case?
A police officer involved in a non-recent sex abuse investigation sent an update on the case to 56 people. These people included victims, witnesses, journalists and lawyers. However, the officer carelessly made all the email addresses viewable by all recipients.
Gloucestershire Police realised the mistake two days after it happened in December 2016. But while it successfully recalled three emails (and one email was undeliverable), 56 full names and emails were visible by to up to 52 people. The email also referenced schools and social services that were being investigated following the allegations of abuse.
On realising its error, the force reported it to the ICO and sent an apology to all recipients. However, this remains a "serious breach" of data protection laws.
What was the result of the investigation?
An investigation by the ICO into the breach found that adequate security processes were not put in place to prevent such errors from occurring. For example, the "bcc" (blind carbon copy) function, which can be used to keep addresses private when sending bulk emails was not automatically selectable on the system. In addition, Gloucestershire Police failed to provide staff with adequate (or any) training, guidance or policies on bulk email communication and the importance of keeping private and sensitive information safe.
The ICO spokesperson added: "The risks relating to the sending of bulk emails are long established and well known, so there was no excuse for the force to break the law - especially when such sensitive and confidential information was involved."
What can you do?
While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO - as in this case - you can use that information to support a data protection compensation claim.
The latest breach by Gloucestershire Police is particularly worrying as those involved were likely to suffer significant distress knowing that they could be identified as victims of child abuse. The investigation also concluded that many of these victims were suffering from the lifelong consequences of this abuse, and were already vulnerable. As such, the failure to protect their privacy is likely to cause considerable emotional anguish.
To make matters worse, despite the findings by the ICO, and while Gloucestershire Police has since apologised for the mistake, it has failed to accept full responsibility. In fact, the force has said that it is disappointed by the decision and is considering an appeal.
While human error does happen, Gloucestershire Police simply did not make sure that appropriate procedures and training was in place to avoid such a breach from occurring. So it must be held to account.
If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.
With strict-time limits in place for making most compensation claims, it's essential to act now.
IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OURCONTACT FORM