Adoption families in Kent County Council data breach

  • Published
Part of the e-mail sent by Kent County Council
Image caption,

The e-mail included contact details of more than 300 parents who have adopted children in Kent

Contact details of hundreds of adoptive parents have been disclosed in a council email.

"Human error" was blamed for the email from Kent County Council's adoption service being sent to some 300 adoptive parents and some support workers.

The authority has apologised to parents and pledged to improve security procedures, while its data-protection team has begun an investigation.

Parents have voiced fears their data could fall into the wrong hands.

'Vulnerable children'

One of the recipients, who did not want to be identified, said: "I'm really concerned that my details have been shared so widely, potentially with parents at school, or others elsewhere, who do not know our son is adopted.

"It would just take one person's email account to be hacked for all our details to end up who knows where.

"We are all looking after vulnerable children, and many of us have concerns over birth families tracking down our children. The implications of such a data breach could be very serious."

Another who was on the list said: "Safeguarding of data is important in all walks of life but I would argue even more so when dealing with families of vulnerable children.

"This is why it is so very disappointing that robust systems were clearly not in place to prevent this data beach."

'Attempted recall'

Kent County Council is investigating how the breach occurred and told the BBC it was trying to ensure there was no repetition.

A spokesman said: "A member of staff working for the post-adoption support team mistakenly copied a mailing list into the carbon copy (cc) section of their email client instead of the blind carbon copy (Bcc) section.

"After realising their mistake, they immediately informed their manager, who then followed the relevant internal procedures. They attempted to recall the emails.

"We deeply regret that this happened."

Such breaches can incur severe sanctions from the Information Commissioner's Office (ICO), ranging from warnings to a fine of up to £17m.

The council said it was investigating whether the breach met the threshold required for reporting to the ICO.

Another parent included on the list said: "I'm very cross about it, partly because it compromises me, as part of my personal information is out there for every single adopter.

"It is very easy to do. I feel really sorry for the person who did it. It's a simple mistake.

"I wouldn't use the word 'serious', but I'm just disappointed. If they can do this, there is the potential they can send out other data."

The council has a record of previous data breaches and in 2011 was named by Big Brother Watch as the joint-worst-offending local authority in the UK.

Among its losses were the disappearance of a data stick containing school pupils' personal data, documents left in public places, stolen laptops and emails sent in error.

Related internet links

The BBC is not responsible for the content of external sites.