Social Services Data Breaches

Social Services have a statutory obligation to safeguard and promote the welfare of vulnerable children and can offer a wide range of care services to children and their parents. Social Services’ care departments help ensure children are healthy, safe, and well looked after. As such Social Services hold a great deal of personal data belonging to their clients. A proportion of that data is likely to constitute sensitive personal data or “special categories of data” (including for example, medical records, religious beliefs or ethnic origin).

Like other organisations holding your personal data Social Services have an obligation to keep your personal safe and secure in accordance with the law as set out in the GDPR and the Data Protection Act 2018. However it is our experience at DRM Legal that Social Services often breach their data protection responsibilities. We have dealt with cases in which Social Services simply do not have in place procedures to ensure the safe and secure handling of your data. Sometimes the staff entrusted to handle your personal data have not been given sufficient training which results in personal data being lost or destroyed. Or sometimes sensitive personal data is sent to the wrong person.

At DRM Legal we understand how disruptive and upsetting it is when your personal data is lost, or shared accidentally with an unauthorised person. We are here to help our clients to claim compensation for the distress and embarrassment caused by a Social Services data breach.

Social Services are liable for the failure to protect your data if they did not follow their own internal procedures (such as data destruction policies) or if their security systems are inadequate. Social Services data breaches frequently occur because of human error, however the offending organisation will still be liable for the breach.

If you believe that you are a victim of a Social Services data breach, you should contact our team at DRM Legal to help you to claim the compensation that you deserve. We give our clients our undivided attention when making a claim for data protection breaches. Unlike many other data breach solicitors, we will not ask you to join a group action with hundreds of other people claiming for the same breach. Everybody is different and should be treated as an individual so we will always focus on how the data breach has affected you, and only you.

Examples of a data breaches by Social Services

April 2019  A social worker agreed to a three-year caution after being found to have forwarded multiple confidential documents to a personal email account. The practitioner’s misconduct was discovered only after she had completed an agency stint with a council, which accessed her staff email account to retrieve material relating to work left incomplete. The local authority found the social worker had forwarded more than 20 documents, including care plans, assessments and court statements, mostly unredacted to her Yahoo account during late 2017.

November 2012  The Information Commissioner’s Office (ICO) fined Plymouth City Council £60,000 for sending details of a child neglect case to the wrong family.

The ICO called it a “serious breach of the Data Protection Act”, as the report included highly sensitive personal information about two parents and four children, notably allegations of child neglect resulting in ongoing care proceedings.

An investigation by the ICO found that the council had no secure system in place for printing reports containing sensitive personal data, and had failed to take reasonable steps to ensure reports were checked before they were sent out.

June 2011     The Information Commissioner’s Office (ICO) imposed a monetary penalty of £140,000 on Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five occasions.

The five serious data breaches – all involving children’s social service reports being sent to the wrong recipients – occurred between January and June 2011. One of them happened when papers relating to the status of a foster carer were sent to seven healthcare professionals, none of whom had any reason to see the information. In another case, minutes of a child protection conference were sent in error to the former address of a mother’s partner, where they were opened and read by his ex-partner. The papers also contained personal data about the children’s mother, who made a complaint to her social worker about this incident.

The first breach, which occurred in January 2011, did not come to light until March, when the Council began an investigation. Unfortunately, this did not prevent further similar incidents taking place in May and June.

Compensation for distress

Unlike other data breaches involving, for example, financial information, Social Services data breaches are usually based solely on the distress you have suffered, rather than/in addition to financial loss. However this is not always the case as the loss of any personal data may lead to fraud as cybercriminals are becoming ever more inventive in the way they monetise stolen personal data.

If you have suffered a Social Services data breach, you will know how far-reaching its affects can be. The data breach may a profound effect on your family life. It may cause significant distress and loss of confidence. The initial stress you suffer when you become aware of the breach may result in a diagnosis of anxiety or depression or it may exacerbate an existing medical condition. Following a data breach many of our clients experience stress, disrupted sleep, anxiety and confidence issues. At DRM Legal, we think these ill effects are just as important as any financial loss.

We understand that distress affects everybody differently and we are here to help you through this. If you have suffered a data breach or if your personal data has been lost, you have the right to claim compensation.

How to make a data breach claim

Get in touch with our team to find out whether you may have a data breach claim. If we think that you do have a valid claim for compensation, we will act for you on a no win-no fee basis. This means you have nothing to lose by pursuing your claim, whether or not it succeeds.

Once you have given us the details of your claim, we will consider these and let you know how much compensation you could receive if you were to make a claim. You can then instruct DRM Legal to proceed with your claim and get the compensation you deserve.

If you would like to claim, fill out our claim form now or call our team to discuss your case.