Data breaches putting domestic abuse victims’ lives at risk, says UK watchdog

<span>Photograph: Islandstock/Alamy</span>
Photograph: Islandstock/Alamy

Councils, police forces and hospitals are putting women’s lives at risk by accidentally disclosing domestic abuse victims’ addresses to perpetrators, the UK’s information watchdog has said.

John Edwards, the information commissioner, who has reprimanded seven organisations in just over a year for data breaches affecting victims of abuse, said: “This is a pattern that must stop.”

Complex databases and a lack of training have been identified as causes of the lapses, which Nicole Jacobs, the domestic abuse commissioner for England and Wales, described as “extremely dangerous” .

After one data breach involving Wakefield council, a domestic violence victim and her children had to be urgently rehoused. In another involving South Wales police, the name of a woman trying to check if her partner was a child abuser was disclosed to the man. She was trying to use Sarah’s law, which was introduced to provide access to sex offender registers after the murder of eight-year-old Sarah Payne in 2000 by a convicted sex offender.

Solicitors and the department for work and pensions were also responsible for data breaches, the Information Commissioner’s Office (ICO) said.

Edwards is calling for data handlers to receive more training and to double-check records and contact details, and for access to information to be further restricted to reduce the risk of harm. Every year, 1.7 million women suffer domestic abuse, according to the crime survey for England and Wales.

“These families reached out for help to escape unimaginable violence, to protect them from harm and to seek support to move forward from dangerous situations,” Edwards said. “But the very people that they trusted to help, exposed them to further risk.”

In one case that triggered a reprimand from the ICO, a woman had approached a subsidiary of the social housing provider Bolton at Home for help escaping her husband, a violent domestic abuser. But a staff member left a voicemail on the alleged abuser’s phone with the woman’s new address even though he did not know she was planning to leave him. The man ended up going to the address.

In another incident in South Wales, police told a man with convictions for violence and sexual assault that his parter had applied for information about him under the domestic violence disclosure scheme, introduced after the 2009 murder of Clare Wood by her ex-boyfriend.

In the Wakefield council case, it was handling child protection court proceedings when it sent the woman’s partner documents including the address where she lived with her two children, despite her living in fear of the man due to a history of domestic violence. The mother and her children had to be moved into emergency alternative accommodation on the same day as the data breach.

Wakefield, Bolton at Home and South Wales police have all since introduced remedial measures.

“For victims of domestic abuse, a data breach can be a matter of life or death,” said Jacobs. “There is no room for basic mistakes – all organisations that handle victims’ data must implement proper training, robust processes and regular checking.”

Farah Nazeer, the chief executive of the domestic abuse charity Women’s Aid, said: “These highly concerning data breaches have undermined women’s safety, had severe consequences for women and children’s lives and show just how urgently public services need to improve their understanding and responses to domestic abuse.”