A private Inquiry into Child Sexual abuse has been forced to pay fines of up 200,000 euros after it sent a mass email that was thought to have identified potential abuse victims. The office of information commissioners reported this on Wednesday morning. An independent inquiry staff had emailed 90 individuals using the ‘wrong field ‘to ’instead of using the correct field ‘bcc’ field. This allowed recipients to view each other’s credentials and addresses. The Information Commissioners office reported that the ordeal was a breach last year. It was a glitch in the Information Protection Act. The Independent Inquiry said that they had made an apology over the issue and thoroughly reviewed its data-handling. About twenty-two grievances were received by the Information Commissioner’s office concerning the glitch that left one person very distressed by the event.
The Inquiry, which covers Wales and England, was founded in 2014. Its primary aim was to investigate the claims against local authorities, the armed forces, the religious institutions, the independent organizations and all the individuals in the eyes of the public. The Information Commissioner’s office said that an Inquiry member of the staff sent a carbon copy email on February 2017. The staff sent the email to ninety inquiry participants addressing those individuals about an event hearing. After the staff realized that there was a glitch in the sent email, a correction was immediately sent, but the email address was entered in the ‘to’ field. This revealed the address of the recipient.
Fifty-two of the Emails contained full credentials attached. The Inquiry was immediately notified about the breach by a concerned recipient who had reported that he had entered two additional email addresses into the ‘to’ field that automatically revealed the addresses of the recipients before he clicked the reply all button. The emails were then sent and the receivers of the emails were requested to erase the emails and not to circulate them further. After the Information commissioner’s office intervened, they found that the Inquiry had not used an email account that was able to send a diffrent email to every participant. The Inquiry was also unable to issue the staff with any training or guiding that could adequately assist them to navigate with the emails especially when addressing the participants.
The Inquiry had also hired an Information technology that was used to manage the mailing list and at the same time relied on their advice that it would manage to prevent participants from replying in the entire list.