By Phil King
We live in a world in which it’s acceptable to share personal data about ourselves with numerous agencies who have a responsibility to use it in ways we would reasonably expect, and to keep it securely. Data Protection law is there to make sure everyone’s data is used properly and legally.
For those people coming into contact with a local authority children services, or any other similar child welfare agency, their shared personal data is likely to be highly sensitive and confidential. They would rightly therefore expect the highest standards of data protection and data security. Those in contact with these agencies may be a parent, child, family member, or a foster carer or adopter. The range and depth of those individuals’ personal data shared with that agency is likely to be very extensive.
A data breach of personal data may vary from the very minor to releasing information that may cause potential or actual harm to an individual, including their personal safety. It can include the loss, destruction or unauthorised disclosure of personal data. A breach can have a variety of adverse effects on individuals which include emotional distress, and physical and material damage. Some personal data breaches will not lead to risks beyond possible minor inconvenience whilst other breaches can significantly affect individuals whose personal data has been compromised. Every case is individual and different as is the impact.
The General Data Protection Regulation (GDPR) includes a duty on all organisations to report certain personal data breaches to the relevant supervisory authority, usually within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, those individuals must be informed without undue delay.
Hopefully, agencies will manage any data breaches in a responsible and timely manner, following the law/regulation. The aim should be to rectify the situation in an attempt to return that person as best as possible to their situation had that the data breach not occurred. This may include an apology, reassurances about future security, and possibly financial redress to compensate for any loss, inconvenience, harm or damage, or making arrangements for protective measures to mitigate future risk.
Where difficulties arise in this sort of redress, our expertise within the child abuse litigation service of data management within a range of children’s services may be helpful. We can provide expert reports regarding responsible data protection within a variety of situations, impact of data breach upon an individual/family and what sort of redress would assist.