The Service of the British Information Commissioner (ICO), a local regulator in the field of protecting personal data, has issued a warning to organizations processing personal identifying information from citizens. The warning highlights the danger of leaks of personal data, particularly in cases involving domestic violence victims, as such violations can put people’s lives under a very real threat.
Over the past 14 months, the ICO has reprimanded seven organizations for violating confidential information storage protocols. The organizations include a law firm, housing association, medical trust, state department, local councils, and police service.
Among the cases identified, four situations involved organizations revealing the safe addresses of domestic violence victims to the accused. In one case, the victim and her family had to be immediately relocated for their safety. Additionally, there were incidents where the personal information of women seeking information about their partners was inadvertently disclosed. Furthermore, the home address of two adopted children was revealed to their native father, who was serving a sentence for raping their mother. Lastly, non-edited reports with confidential information about children in high-risk situations were wrongly sent to the former partners of their mother.
The Information Commissioner’s Office has concluded that the main cause of these violations is the lack of appropriate staff training and the use of unreliable data processing procedures.
Information Commissioner, John Edwards, expressed his concern, stating, “These families sought help to escape violence and ensure safety. However, those they trusted ended up further endangering them.”
Edwards stressed the importance of correctly organizing work with personal data. This includes the implementation of double verification processes by responsible individuals before any transfer, alteration, or disclosure of personal information. Furthermore, it is recommended to restrict access to sensitive information through the use of passwords and access control systems.