Safe addresses of domestic violence victims leaked to abusers in council data breaches

John Edwards, the Information Commissioner, said organisations should be doing 'everything necessary to protect the personal information in their care'
John Edwards, the Information Commissioner, said organisations should be doing 'everything necessary to protect the personal information in their care'

Safe addresses of domestic violence victims and their children have been revealed to their alleged abusers in data breaches by councils, the Information Commissioner has disclosed.

John Edwards, who leads the Information Commissioner’s Office (ICO), has reprimanded seven organisations - also including a police force, NHS trust,  the Department of Work and Pensions (DWP), a law firm and housing charity - for the breaches that put domestic abuse victims and their children in danger.

He said the families seeking to escape “unimaginable violence” had been let down by the “very people that they trusted to help” and had been exposed to further risk. “This is a pattern that must stop,” he said.

“Organisations should be doing everything necessary to protect the personal information in their care.

“The reprimands issued in the past year make clear that mistakes were made and that organisations must resolve the issues that lead to these breaches in the first place.”

He cited four cases of organisations revealing the safe addresses of the victims to their alleged abuser. In one case, a family had to be immediately moved to emergency accommodation.

One was Labour-controlled Wakefield District Council, which sent a court bundle that included the home address of a mother and her two children to the father who had a history of ongoing domestic violence and had broken into her previous house.

The mother and children had to move to an emergency alternative home on the same day.

In another case, housing charity Bolton at Home left a message on the phone of a husband whom a woman was intending to leave after alleged domestic abuse, revealing to him the new address where she planned to move.

Meanwhile, women seeking information about their partners had their identities revealed to those men by South Wales Police, while a firm of solicitors, Jackson Quinn, disclosed the home address of two adopted children to their birth father, who was in prison on three counts of raping their mother.

Nicole Jacobs, the domestic abuse commissioner for England and Wales, called the leaks a 'serious setback'
Nicole Jacobs, the domestic abuse commissioner for England and Wales, called the leaks a 'serious setback' - Rii Schroer

Conservative-controlled Nottinghamshire County Council sent an unredacted assessment report about children at risk of harm to their mother’s ex-partners.

Mr Edwards said the root causes for the breaches were primarily lack of staff training and failing to have robust procedures in place to handle personal information safely.

“Getting the basics right is simple - thorough training, double checking records and contact details, restricting access to information - all these things reduce the risk of even greater harm,” he said.

“Protecting the information rights of victims of domestic abuse is a priority area for my office, and we will be providing further support and advice to help keep people safe.”

Nicole Jacobs, the domestic abuse commissioner for England and Wales, said: “It takes a huge amount of bravery for victims and survivors of domestic abuse to come forward, and many go to extreme lengths to protect themselves from the perpetrator.

“To then be exposed to further harm due to poor data handling is a serious setback.

“That seven organisations have breached victims’ data in the past two years, with some sharing their address with the perpetrator, is extremely dangerous. For victims of domestic abuse, a data breach can be a matter of life or death.”