HNK Solicitors HNK Solicitors

Domestic abuse victims put at risk after data breaches revealed their locations to alleged abusers

It was recently reported that several data breaches have taken place that have put domestic abuse victims at risk as their locations were disclosed to their alleged abusers. The breaches occurred at organisations including a law firm, a housing association, an NHS trust, a police service, a government department and local councils.

The Information Commissioners Office (ICO) has issued reprimands to seven organisations since June 2022 for data breaches which affect domestic abuse victims. Four of these cases involved inappropriate disclosure of the victim’s safe address to alleged perpetrators. In one case, a family had to be immediately moved to emergency accommodation.

In another, the home address of two adopted children was given to their birth father, who was in prison on three counts of raping their mother.

There was one breach where an unredacted assessment report about children at risk of harm was sent to their mother’s ex-partners. Organisations also revealed the identities of women seeking information about their partners to those partners.

While the ICO has not directly named the organisations, it has since been revealed that Wakefield Council was one of the organisations responsible. In March 2022, the council released court papers in relation to child protection legal proceedings. The documents contained a medical report, which has the home address of the mother and her two children. At the time, the mother was fearful of the father due to a history of ongoing domestic violence from him and even a break-in at their previous address. As a result, the mother and her children had to be moved into alternative emergency accommodation on the day of the breach.

This just highlights the gravity of the consequences of these kinds of data breaches. The distress caused to this woman and her children as a result of her data being breached has been immense, and the upheaval caused to her and her children’s lives is significant.

An internal investigation into this breach found that the cause was a failure by a social worker to identify that the mother’s address was included on the medical report. The social worker sent the documents to the team manager, who then sent them on to the legal department. The legal department then filed the documents to all parties of the proceedings, which included the father.

John Edwards, the UK Information Commissioner, has pleaded with organisations to handle personal information correctly to avoid putting more vulnerable people at risk.

He said: “These families reached out for help to escape unimaginable violence, to protect them from harm and to seek support to move forward from dangerous situations. But the very people that they trusted to help, exposed them to further risk.”

“This is a pattern that must stop. Organisations should be doing everything necessary to protect the personal information in their care.

“The reprimands issued in the past year make clear that mistakes were made and that organisations must resolve the issues that lead to these breaches in the first place.”

He said that “getting the basics right is simple” through training, double checking records and contact details and restricting access to information – this can reduce the risk of even greater harm.

Reportedly, there were various reasons for the breaches, but common themes included a lack of staff training and a failure to have robust procedures in place to handle personal information safely.

A breach could be life or death 

The dangers of these data breaches are extremely serious. A breach like this could mean life or death for some people. Domestic abuse victims often go to great lengths to escape their abusers, and a breach like this could put everything at risk for them, if their abuser knows this personal information, such as their new address, this puts them at great risk of further abuse.

The thought of their abuser knowing where they are, able to turn up at any point, would be incredibly distressing for them. Not to mention, if they have to move and restart their life elsewhere to protect themselves, this can be very traumatic and cause huge disruption to their life.

Nicole Jacobs, the domestic abuse commissioner for England and Wales, said: “It takes a huge amount of bravery for victims and survivors of domestic abuse to come forward, and many go to extreme lengths to protect themselves from the perpetrator. To be exposed to further harm due to poor data handling is a serious setback.

“That seven organisations have breached victims’ data in the past two years, with some sharing their address with the perpetrator, is extremely dangerous. For victims of domestic abuse, a data breach can be a matter of life or death.”

This just highlights the importance for organisations to implement every measure possible to ensure this type of data is kept secure and out of the hands of unauthorised third parties.

The ICO has revised its approach to public sector enforcement last year. It aims to reduce the impact of fines on the public by working more closely with the public sector and encouraging compliance with data protection laws to prevent harm before it happens. They are hoping to help organisations become more data protection efficient, ensuring their staff are thoroughly trained, and the correct safeguards are in place to prevent breaches.

What to do if you are worried about a potential domestic violence data breach 

All organisations have a strict legal obligation under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 to keep the personal data they hold on individuals safe and secure. This is true for every individual, whether they are in a vulnerable position or not.

Anyone whose data has been compromised should be made aware by the organisation responsible. The consequences of a breach can be even more extreme for someone vulnerable, however. So, it goes without saying that victims of domestic abuse should be made aware immediately that their data has been compromised, and everything should be done to protect them.

If you are concerned your personal data may have been breached as a victim of domestic abuse, this can be extremely distressing, and there are steps you can take to protect yourself. Firstly, you should get in touch with the responsible organisation to find out further details on the situation.

After taking the necessary steps to protect yourself and your family, you could also be eligible to claim compensation. This is an extremely distressing event, and you have the right to be compensated for this emotional distress, as well as the inconvenience caused to yourself and your family, plus any financial losses you may have suffered as a result, such as having to miss work.

In these cases, having the support of a dedicated data breach solicitor can prove invaluable.

HNK Solicitors can help with your data breach claim 

At HNK Solicitors, we have a team of dedicated data breach solicitors who have a deep understanding of the laws and regulations around data protection and who have successfully obtained compensation for thousands of clients for data breach claims.

Our team will support you every step of the way and have experience helping domestic abuse victims claim the compensation they deserve. We will always treat you and your case with sensitivity, helping you to navigate this process.

We always strive to obtain the maximum compensation for our clients and, wherever possible, mitigate the need for court proceedings. We take on clients on a no-win, no-fee basis, which means they don’t have to pay a penny upfront to get their claim started.

Get in touch with our team today to arrange a free no-obligation consultation to discuss the details of your case. Simply fill in our online claim form, and a member of our team will be in touch. You can also call us on 0151 668 0814 or drop us an email at

Share article


Latest News

No Win No Fee, Free Consultation

Please fill out the form below to get started with your claim

Please enable JavaScript in your browser to complete this form.
Terms & Conditions
Skip to content