Northern Ireland Executive Office and Patient Client Council reprimanded over data breach

The Information Commissioner's Office has reprimanded two Northern Ireland organisations for data security breaches.

The watchdog said the breach was "avoidable".

The Patient and Client Council and The Executive Office are both implicated over emails they sent to multiple people, without using a tool to hide their addresses from all those recipients.

The Executive Office's Interim Advocate Office, which was established after the report of the Historical Abuse Inquiry, sent an newsletter to 251 subscribers using the 'to' field.

Although only email addresses were disclosed, the ICO says it can be inferred that the people included in the email were likely to be victims and survivors, as the newsletter content was tailored to those who were wishing to engage, or who were already engaging, with the HIA Inquiry compensation scheme.

The ICO said they should have found an appropriate alternative such as mail merge.The PCC had sent an email to 15 people across Northern Ireland, each of whom had lived experience of gender dysphoria, using the carbon copy (cc) option.

John Edwards, the UK Information Commissioner said: "This type of data breach is all too common but is easily avoidable. Organisations must take responsibility for training their staff properly and for putting appropriate systems and policies in place to avoid such incidents.

“Even if the content of an email is not sensitive or confidential, identifying people who have received it could reveal sensitive or confidential information about them. That could be very distressing and potentially harmful to the people affected.”

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know.