Data breaches are putting the lives of domestic abuse victims at risk, the Information Commissioners Office (ICO) has warned.

The warning comes after the ICO reprimanded seven organisations in the past 14 months for data breaches affecting victims of domestic abuse, including a housing association.

Most of the cases related to organisations inappropriately disclosing the victim’s home address to alleged perpetrators.

The ICO is urging organisations to take responsibility for training their staff and putting appropriate systems in place to avoid such incidents – action which is supported by organisations such as Women’s Aid and the Domestic Abuse Commissioner for England and Wales

Recent breaches include:

  • Four cases of organisations revealing the safe addresses of the victims to their alleged abuser. In one case a family had to be immediately moved to emergency accommodation
  • Revealing identities of women seeking information about their partners to those partners
  • Disclosing the home address of two adopted children to their birth father, who was in prison on three counts of raping their mother
  • Sending an unredacted assessment report about children at risk of harm to their mother’s ex-partners

Organisations involved include a law firm, a housing association, an NHS trust, a government department, local councils and a police service. According to the ICO, root causes for the breaches vary, but common themes are a lack of staff training and failing to have robust procedures in place to handle personal information safely.

John Edwards, UK Information Commissioner, said: “These families reached out for help to escape unimaginable violence, to protect them from harm and to seek support to move forward from dangerous situations. But the very people that they trusted to help, exposed them to further risk.

“This is a pattern that must stop. Organisations should be doing everything necessary to protect the personal information in their care. The reprimands issued in the past year make clear that mistakes were made and that organisations must resolve the issues that lead to these breaches in the first place.

“Getting the basics right is simple – thorough training, double checking records and contact details, restricting access to information – all these things reduce the risk of even greater harm.

“Protecting the information rights of victims of domestic abuse is a priority area for my office, and we will be providing further support and advice to help keep people safe.”