Hundreds of confidential files have been found abandoned in a former office that had recently been vacated by the organisation Change, Grow, Live (CGL).
The entirely avoidable data leak included highly-sensitive records and documents involving vulnerable adults and children; i.e. confidential data that should be completely secure and never left open to being accessed without appropriate authority.
According to reports, files had literally been left behind after CGL vacated the premises.
Data leaked in what is a huge breach of data protection rules included:
- Documentation and information on child sexual exploitation case reviews
- Drug and alcohol addictions
- Sexually-transmitted infections
- Domestic violence situations
- Counselling notes
- Confidential mail that had not been redirected
It’s thought that CGL and Tameside Council – where the office is located – paid little interest in the breach when they were first informed about the discovery. A council spokesperson later said:
“We take any potential breach of the security of confidential information very seriously. We make strict stipulations to all commissioned service providers about data protection.
We understand that the previous provider (Lifeline) went into liquidation and there has been an ongoing dispute over the premises and outstanding rent between the new provider (CGL), who took over the contract, and the landlord.
When vacating the premises CGL say they removed all the files they had control of and had access to in the building.”
In an era when data protection breaches are happening all the time, and where people are far more aware of their rights and how they can claim compensation for data breaches, this completely avoidable breach is hard to fathom.
With new regulations coming into force in May this year, councils and private organisations will be unable to escape far harsher penalties in the form of fines that could reach over £15 million.
This is yet another example of a complete lack of respect for data protection regulations. A leak of such highly-sensitive information is a serious affair, and victims may be entitled to claim for data breach compensation.
Although any data protection breach can be serious, one of the important factors to consider is the sort of data that has been leaked. Data involving sexual abuse and serious domestic issues and mental health records is undoubtedly data that should be a top priority in terms of keeping it secure. To learn that an organisation has completely disregarded the rights of the victims by leaving such confidential data vulnerable to being breached is incredibly concerning.