
Abuse Victims Left Exposed by Significant Breach


Abuse Victim Exposure & £200k Data Breach Penalty Could Have Been Prevented.

Vulnerable abuse victims left exposed by significant breach caused by human error.

According to a report by BBC News in July 2018, the Independent Inquiry into Child Sexual Abuse in the UK has been fined £200,000 after sending a mass email that identified possible abuse victims.

According to the report, an Inquiry staff member emailed 90 people using the ‘To’ field instead of the ‘Bcc’ field, which meant the email addresses of the victims were sent to the entire email group.

The Information Commissioner’s Office (ICO) said the incident that occurred in 2017 was a breach of the Data Protection Act.

Commenting on the breach, Danielle Cussen, Managing Director, Wizuda, said, “This is a significant error on a number of levels. Most worryingly at a human level given the nature of the inquiry and the sensitivity of the individuals’ information. A group of vulnerable individuals had their email addresses shared with 90 people and over 50 of the email addresses contained first and second names. Anyone on that list could quite easily identify the individuals through a simple Google or social media search. This is most disturbing.”

She continued, “While this breach was caused by human error it is completely preventable. There are a number of safeguards available to government agencies and organisations that mitigate the risks of human error by implementing purpose-built data compliance measures into easy-to-use software solutions. Wizuda CFS is specifically designed to prevent this type of breach. When mails are sent with Wizuda, by default, recipients cannot see the email addresses of other recipients. There is also a simple retraction feature in the event of an email being sent to the wrong individual, so the recipient can no longer access the message. In addition to this, you get full visibility over which of the recipients read or downloaded the message prior to the retraction, providing instant visibility over the extent of the breach.”

If we consider the ICO investigation findings and look at the failings that could have been prevented with the use of a dedicated IT solution such as Wizuda, we can clearly identify the unequivocal benefit to state agencies and organisations of investing in such inexpensive compliance solutions.

The ICO found the Inquiry:

  • failed to use an email account that could send a separate email to each participant
    • Sending emails via Wizuda:
      • All recipients are automatically prevented from seeing the email address of other recipients
      • You are automatically prompted to reconfirm the list of recipients prior to sending

  • failed to provide staff with any, or any adequate, guidance or training on the importance of checking email addresses were in the “bcc” field
    • Sending emails via Wizuda:
      • All recipients are automatically prevented from seeing the email address of other recipients
      • Fully accessible training guides for all users available in the Wizuda portal

  • hired an IT company to manage the mailing list and relied on its advice that it would prevent individuals from replying to the entire list
    • Sending emails via Wizuda:
      • Wizuda includes a ‘no reply’ security feature to prevent this type of breach. This feature can be set as the default for certain cases, and the sender cannot override it, thus removing the risk of human error.

The Wizuda ethos is “Because Data Deserves Privacy”. This case in point is live proof and testament to this. State agencies and companies throughout the world have significant responsibility placed upon them given the data they hold. A simple email address shared incorrectly can have life-changing effects on individuals and their families.

Take control of how your organisation shares files and have peace of mind you are operating compliantly and mitigating future data breach risks. Talk to Wizuda today and let us help you on your road to full compliance.
