Skip to main content


Breach of privacy: The Independent Inquiry into Child Sexual Abuse discloses victims' identities in email error

The Independent Inquiry into Child Sexual Abuse ('IICSA') has referred itself to the Information Commissioner's Office ('ICO') after accidentally disclosing the identities of 90 victims of sexual abuse who had signed up via its website.

The website allowed victims to submit information to IICSA on a confidential basis. Unfortunately, the IICSA sent each victim a 'round robin' email which included all the other victims' addresses in the 'cc' section, thus disclosing their identity.

This type of data breach is sadly not unusual.  The Chelsea and Westminster NHS Foundation Trust was fined £180,000 by the ICO in May 2016 after its 56 Dean Street sexual health clinic sent an email newsletter to 781 patients receiving HIV treatment, disclosing their identities to each other (see our blog piece here).  The intention had been to use the 'bcc' section rather than 'cc' section.

The IICSA has apologised after mistakenly sending out confidential information.

In addition to any regulatory action taken by the ICO, the ICCSA faces the prospect of individual claims for compensation from the individuals affected pursuant to the Data Protection Act 1998 and/or for the misuse of private information/breach of confidence.

Click here if you require more information on how Brett Wilson LLP privacy solicitors can assist you if your privacy has been breached.


Legal Disclaimer

Articles are intended as an introduction to the topic and do not constitute legal advice.