Highly sensitive personal information involving victims of sexual assault was exposed following a data privacy leak at Suffolk Police. The information was subsequently taken down, but victims of this data breach were understandably very distressed and angry. The right to privacy for victims of sexual assault is absolute. This data leak stripped them of this right.
In November 2022, Suffolk Police admitted that it had accidentally published the names and addresses of victims of sexual assault on its website. The Suffolk Police data breach is believed to have affected “hundreds” of victims.
The information exposed in this data breach included:
According to Suffolk Police, the privacy violation relates to inquiries into sexual offences and offences that occurred in schools which were reported between 1 April 2015 and 31 March 2019.
The information held by the police is often extremely sensitive, and a data breach can have a devastating impact on those affected.
According to Suffolk Rape Crisis, the data breach could have put victims at threat of violence should perpetrators gain access to their addresses and contact details. The support organisation encouraged any victim “who feels re-traumatised or overwhelmed by this information to seek support and look after their wellbeing.”
See our answers to the FAQs we were asked about the Suffolk Police Data Breach.
Suffolk Police accidentally published the names and addresses of victims of sexual assault on its website. The data breach is believed to have affected “hundreds” of victims. Suffolk Police and the Information Commissioner’s Office (ICO) investigated this incident to find out why such a serious privacy violation occurred.
The information exposed in this breach includes:
The privacy violation related to inquiries into sexual offences and offences that occurred in schools which were reported between 1 April 2015 and 31 March 2019. No information outside of those dates has been disclosed.
If you are affected by the data breach, Suffolk Police should be in touch to notify you.
The privacy violation relates to inquiries into sexual offences and offences that occurred in schools which were reported between 1 April 2015 and 31 March 2019.
A statement by Suffolk Police read:
“Suffolk Police were made aware that some personal information, which should not have been uploaded, could be accessed via the constabulary website.
“This matter was quickly resolved and the information can no longer be accessed.
“An investigation is now taking place into how this error occurred.
“The Information Commissioner’s Office has been notified of this incident.
“We do take our obligations under the Data Protection Act very seriously.”
This is likely to be of little consolation to the victims of the Suffolk Police data breach.
Suffolk’s Police and Crime Commissioner also called for measures to be put in place to prevent such an incident happening again. However, police forces have been aware of the threat of data breaches for some years now, so we would question why these measures were not already in place.
A following statement said:
“Suffolk Constabulary has been investigating a data breach which was discovered by a member of the public on the evening on Monday, November 7.
The information was removed from the public domain as soon as possible after officers were alerted, and an internal inquiry began.
The data was contained within an Excel document on the Suffolk Constabulary website. It related to inquiries into sexual offences and offences that occurred in schools which were reported between 1 April 2015 and 31 March 2019.
No information outside of those dates has been disclosed.
It has been established around two to three per cent of the published investigations included information which could lead to someone being identified. In most cases no personal data was present.
Officers and staff are continuing to assess the scale of the data breach. As part of their work they are endeavouring to contact those affected at the earliest opportunity to give support, reassurance and offer an apology.
The location of the Excel document would not have been immediately evident on the constabulary’s website. It was contained within a reply to a Freedom of Information (FOI) request.
As part of the inquiry, we are seeking to establish how many people have viewed the information. No other reports have been made to us since this document was first published in 2019.
All other FOI replies have also been removed from our website and we are now confident that there have been no other information breaches of this nature.
Suffolk Constabulary takes its obligations under the Data Protection Act extremely seriously and has referred the breach to the Information Commissioner’s Office.
Assistant Chief Constable Eamonn Bridger said: “Suffolk Constabulary is extremely sorry for the data breach and the anxiety this unintentional disclosure of personal information will have caused.
“We recognise and sincerely regret the additional concern this incident will have caused for victims of crime that we are duty-bound to protect.
“We have now fully removed the document from public circulation and will continue to proactively seek to minimise any risk that the release of this data may have had.
“We are committed to making sure we do everything we can to avoid a similar incident happening in the future and have already implemented changes that will ensure these circumstances do not happen again.”
Our action is now closed.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.
