News of a victim support data breach has been published by the Information Commissioner’s Office (ICO), which has led to a caseworker being prosecuted.
It’s reported that Restorative Justice Caseworker, Jeannette Baines, who had worked with victim support, sent personal and private information from a work email address to a personal email address.
This kind of breach where employees misuse their rights of access to personal data to send it to personal accounts isn’t uncommon. Many of the ICO’s individual prosecutions involve this kind of breach being committed, and the consequences for the offender can be severe.
About the data breach
Any victim support data breach is serious, especially given that they themselves help people who have been on the end of data breaches as well.
In this case, it appears that an employee went above and beyond their station when they improperly processed data that led to the breach.
It’s understood that Baines sent spreadsheets containing data about victims and offenders from her work email address to a personal email address. This reportedly occurred during the last week of her employment, which again is a common factor in these kinds of cases.
Some people think it’s fine to send information to personal accounts to then use it in their next employment. It’s not, and this kind of behaviour is a clear breach of the law.
The consequences of this victim support data breach
Baines has been found guilty of breaching the Data Protection Act. She was sentenced to a three-year conditional discharge and has been ordered to pay costs and surcharges in excess of £600.
It seems that the ICO has accounted for the fact that this is a victim support data breach, which in itself is a serious matter. Personal information about victims and offenders is often incredibly sensitive, and should it fall into the wrong hands, the consequences could be severe.
That’s why data breach compensation amounts in cases involving incredibly personal and sensitive information can be high. Many of the individual cases we represent people for involve breaches that can – and have – put people at harm from offenders.
The risks of further exposure
This particular case is incredibly bad because of the nature of the information that was at the centre of the breach. Organisations can control the security of internal systems, but where information goes outside of those systems and into personal accounts as we saw in this case, security is an issue.
The data that was improperly copied / moved could have been at a far greater risk of exposure on a personal account. We represent the victims in these kinds of breaches, so we see how bad the consequences of information exposure can be. When we’re talking about a case involving a victim support data breach, any information exposure could be catastrophic for the victim.
This is another example of an employee breaking the rules, and the punishment issued by the ICO has been justifiably stern.