The UK Information Commissioner, John Edwards, has issued a stern warning to all organisations to handle personal information of victims of domestic abuse with the utmost care. This comes after the Information Commissioner’s Office (ICO) reprimanded seven organisations over the past 14 months for data breaches that put victims in further danger. The cases included instances where safe addresses were exposed to abusers, identities of women seeking information revealed to their partners, and unredacted reports about children at risk sent to the wrong recipients.
The breaches were traced back to several organisations including a law firm, a housing association, an NHS trust, a government department, local councils and a police service. The common root causes were lack of adequate staff training and absence of robust procedures to handle personal information safely. Edwards emphasised the need for thorough training, double-checking records and restricting access to information as fundamental steps in protecting sensitive data.
The ICO has been proactive in reducing the impact of fines on the public by working closely with the public sector and encouraging compliance with data protection laws. Along with issuing reprimands, the ICO provided clear instructions on how to improve data protection practices. They recommend having processes that support those who need it, regularly checking contact information, avoiding inappropriate access, double-checking information before transferring or disclosing and ensuring training is thorough and relevant.
The call to action by the Information Commissioner is supported by key organisations such as Women’s Aid and the Domestic Abuse Commissioner for England and Wales. They all emphasize the importance of protecting personal data of victims of domestic abuse as a matter of life and death.