Wakefield Council reprimanded over domestic abuse data breach which put the safety of family at risk

Wakefield Council has been reprimanded over a domestic abuse data breach which put the safety of a mum and her children at risk.

Emergency action had to be taken after court documents containing the address of the vulnerable family members were released to the father.

The Information Commissioner’s Office (ICO) today named the council as one of seven organisations to have been reprimanded for data breaches affecting victims of domestic abuse in the past 14 months.

Hide Ad
Hide Ad

The criticism comes after an incident in March 2022 when the council released court papers in relation to child protection legal proceedings.

County Hall in WakefieldCounty Hall in Wakefield
County Hall in Wakefield

The documents contained a medical report which included the home address of the mother and her two children.

At the time, the mother was fearful of the father due to a history of ongoing domestic violence and a break-in at their previous accommodation.

An IFO investigator’s report says: “The father did not and should not know the mother’s home address.

Hide Ad
Hide Ad

“As a result of the breach, the mother and her children had to be moved into emergency alternative accommodation on the same day of the breach.”

An internal investigation found that the cause of the breach was a failure by a social worker to identify that the mother’s address was included in the medical report.

The report adds: “The social worker sent the documents to the team manager, who subsequently sent them to the legal department.

“The legal department then filed the documents to all parties of the proceedings, which included the father.”

Hide Ad
Hide Ad

The council has since taken steps to prevent a similar incident, including creating a guide for workers on how to redact confidential information.

The report adds: “After careful consideration, and based on the information provided, we have decided to issue the council with a reprimand

“The council has failed to ensure an appropriate level of security of personal data, resulting in the inappropriate disclosure of personal data relating to three data subjects.”

Since June 2022, the ICO has issued reprimands to seven organisations for data breaches affecting victims of domestic abuse.

Hide Ad
Hide Ad

Breaches include four cases of organisations revealing the safe addresses of victims to their alleged abuser.

Organisations involved include a law firm, a housing association, an NHS trust, a government department, local councils and a police service.

The IFO said the causes of the breaches vary but “common themes” are a lack of staff training and failing to have robust procedures in place to handle personal information safely.

John Edwards, UK Information Commissioner, said: “These families reached out for help to escape unimaginable violence, to protect them from harm and to seek support to move forward from dangerous situations.

Hide Ad
Hide Ad

“But the very people that they trusted to help, exposed them to further risk.

“This is a pattern that must stop. Organisations should be doing everything necessary to protect the personal information in their care.

“The reprimands issued in the past year make clear that mistakes were made and that organisations must resolve the issues that lead to these breaches in the first place.

“Getting the basics right is simple – thorough training, double checking records and contact details, restricting access to information – all these things reduce the risk of even greater harm.

Hide Ad
Hide Ad

“Protecting the information rights of victims of domestic abuse is a priority area for my office, and we will be providing further support and advice to help keep people safe.”

Gillian Marshall, Wakefield Council’s chief legal officer, said “I’d like to reassure all our residents that we responded very quickly to this breach and immediately made sure that those affected were safe.

“We have taken learning from it and made improvements across the council to ensure the way we protect personal data is as robust as possible.

“We have new internal processes which are regularly tested and reviewed alongside ongoing assurance checks.

“No data breach is acceptable, and we will do everything we can to prevent it happening again.”