NHS trust in Dorset shares abuse victim's address with abuser in data breach
The oversight increased the risk to the victim
Last updated 13th Oct 2023
An NHS trust in Dorset has been reprimanded for inadvertently sharing the address of an abuse victim with their alleged abuser.
The University Hospitals Dorset Trust internal system, designed to distribute identical communications to multiple individuals, failed to filter out addresses when sending messages, leading to a serious breach of privacy.
Consequently, a letter containing the new address of an abuse victim landed in the hands of their alleged abusive ex-partner.
The Information Commissioner's Office (ICO) has strongly criticised the Dorset trust in a recent report.
It highlighted that while the victim had not explicitly told the trust to withhold their address, it was entirely reasonable to expect that personal information would not be shared without permission. Even though the victim has not lodged a formal complaint, the breach has escalated the risk of unwanted contact.
The trust also admitted to lacking a clear procedure for situations involving parental disputes where the same correspondence had to be sent to different addresses. However, it says that steps have been taken to rectify the issue, including implementing new procedures such as blind copying duplicate letters to other parents upon request.
In response to the incident, the University Hospitals Dorset NHS Foundation Trust issued a public apology, acknowledging the breach and the subsequent distress caused to the victim.
In a statement from the University Hospitals Dorset, is said:
“We apologise for this breach of data and accept the findings of the Information Commissioner’s Office in full. We also extend a further apology to the individual concerned and recognise the distress the breach may have caused.
“We have worked closely with the ICO and we’re grateful that the progress we have made in addressing this issue has been noted. This includes reviewing and updating our procedures to help ensure incidents of this kind do not happen again.”
The ICO welcomed the corrective actions taken by the trust, appreciating the steps towards resolution, including a face-to-face apology extended to the victim by a medical professional.