UK Police data breach involving sex abuse victim’s data made available on the web
November 22, 2022 |
There is a recognised genre of data breaches involving government agencies making sensitive data available on line. It is almost always due to poor data handling practices and flaws in IT controls and website design. It often bespeaks poor access control protocols. The latest reported data breach of this nature is the BBC reports in Suffolk Police apology over sex abuse victims’ data on website that personal details of sex abuse victims appeared on a police website. Australia has had more than its fair share of similar data breaches. In March 2020 the Federal Court published personal details of hundreds of asylum seekers names on line. The Federal Court undertook a review by Professor John McMillan which resulted in a report in August 2020. The report was comprehensive however its focus was on the findings that the Federal Court’s response was generally satisfactory. Not an untypical response an inquiry into an agency’s handling of a data breach. Individual reviews in Australia are remarkably forgiving and not particularly in depth. On how the breach occurred, or more particularly how matters reached a point where it could happen the Report was relatively quiet. In the United Kingdom a similar review would have attracted much less comforting findings. Even a Monetary Penalty. Given a similar breach was experienced by the Department of Immigration involving personal details of almost 10,000 individuals in 2014, which attracted considerable media coverage, it is surprising that the Federal Court would not have been more alert to the sensitivity of such data and the potential consequences of a leak.
The article provides:
An investigation has begun after the personal details of sexual abuse victims appeared on a police website.
Names and addresses of victims could be seen on the Suffolk Police website but “this matter was quickly resolved”, a spokesman confirmed.
Police and crime commissioner Tim Passmore issued an “unreserved apology” for the breach.
A spokeswoman for Suffolk Rape Crisis warned that any leak could “put women at threat of further violence”.
The published information included victims’ names, addresses, dates of birth and details of the offences committed, the East Anglian Daily Times said, with reports it affected “hundreds of people”.
In a statement, the force confirmed an investigation had been launched.
“Suffolk Police were made aware that some personal information, which should not have been uploaded, could be accessed via the constabulary website,” it said.
“This matter was quickly resolved and the information can no longer be accessed.
“We take our obligations under the Data Protection Act very seriously.”
Mr Passmore told BBC Radio Suffolk: “I want to make it clear I am extremely sorry and issue an unreserved apology for anyone who might have been affected.
“I can understand the huge concern it might have caused people who have been victims of this sort of terrible crime.”
He said he had spoken to deputy chief constable Rob Jones to support “anyone in distress” and make sure the inquiry was completed quickly.
However, charity Suffolk Rape Crisis, which supports victims of sexual violence, said it would have “significant concerns” if a victim’s right to lifetime anonymity was violated.
“Survivors have a right to safety and security, and if perpetrators were to have access to women’s addresses and contact details this would be a considerable safety risk and could put women at threat of further violence,” a spokeswoman said.
“We know that women should have control and ownership over to who they share their story, and a data leak would remove this choice.
“In addition, the process of reporting a sexual violence offence to the police can be triggering and reporting rates in Suffolk are still low, so survivors need to feel that Suffolk Constabulary are safe and trustworthy.”
If you are affected by issues raised, call Suffolk Rape Crisis on 0800 0850 520 or find support through the BBC Action Line.