We are currently experiencing network problems with the desktop version of Police Oracle. We hope to have these resolved as soon as possible.

Data breaches affecting domestic abuse victims 'must stop'

South Wales Police is one of the seven organisations that has been reprimanded by the ICO since June 2022.

Organisations must introduce better staff training and more robust procedures to reverse an alarming "pattern" of data breaches involving the personal information of domestic abuse victims.

Over the last 14 months, the Information Commissioner’s Office (ICO) has issued reprimands to seven organisations for such data breaches - including South Wales Police.

In August 2022, the force was reprimanded for disclosing the identities of women who had applied for information under the Domestic Violence Disclosure Scheme and the Child Sex Offender Disclosure Scheme to the people they were requesting information about, or to their’ partners.

In one case, the partner had previous convictions for violence and sexual assault.  

Alongside South Wales Police, the organisations reprimanded included a law firm, a housing association, an NHS trust, a government department and two local councils.

The UK Information Commissioner John Edwards says organisations "should be doing everything necessary" to protect this data.

“These families reached out for help to escape unimaginable violence, to protect them from harm and to seek support to move forward from dangerous situations. But the very people that they trusted to help, exposed them to further risk. 

“This is a pattern that must stop...the reprimands issued in the past year make clear that mistakes were made and that organisations must resolve the issues that lead to these breaches in the first place."

In four of the cases, organisations revealed the safe addresses of the victims to their alleged abuser. In one case a family had to be immediately moved to emergency accommodation. 

Another breach saw the home address of two adopted children disclosed to their birth father, who is currently in prison for raping their mother.

In a separate incident, an unredacted assessment report about children at risk of harm was sent to their mother’s ex-partners.

Root causes for the breaches vary, but common themes are a lack of staff training and failing to have robust procedures in place to handle personal information safely. 

Mr Edwards added: "Getting the basics right is simple – thorough training, double checking records and contact details, restricting access to information - all these things reduce the risk of even greater harm."

According to the ICO, organisations that work with domestic abuse victims should make sure staff know how to handle their data with extra care.

They should also be able to accommodate any requests for privacy - such as a request not to share their data - including when people have specific accessibility requirements such as needing an interpreter.  

Leave a Comment
View Comments 1
In Other News
Consultation launched on tougher sentences for domestic killers
CoLP launches strategy for fraud, economic and cyber crime
Scottish government provides financial support for those fleeing abuse More News