[BreachExchange] Abuse victims data breach could cost £2.5m in damages

Destry Winant destry at riskbasedsecurity.com
Thu May 28 09:20:21 EDT 2020


https://www.belfasttelegraph.co.uk/news/northern-ireland/abuse-victims-data-breach-could-cost-25m-in-damages-39230665.html

An apology from Northern Ireland abuse victims' advocate Brendan
McAllister for a serious data breach at his office does not go far
enough, it has been claimed.

While other victims have said they retain their confidence in Mr
McAllister, who said he won't be standing down, Margaret McGuckin from
the Survivors of Institutional Abuse (Savia) group said he must go
further than saying sorry.

"He doesn't realise the seriousness of it. Anybody in any position of
power would do the right thing, put their hands up," she told the BBC.

"Yes, he's apologised and many may be appreciative of that, but his
apology is not working."

Interim Victims’ Commissioner will consider his ‘situation’ over damaging leak

A newsletter was sent out on Mr McAllister's behalf on Friday but
listed the emails of 250 people, including abuse victims.

Many victims have already indicated that they intend to sue for
damages, which a legal source told the Belfast Telegraph could cost as
much as £2.5m.

The interim advocate for victims apologised again yesterday, but said
he would wait for the results of an investigation from the Information
Commissioner before considering his position.

Mr McAllister told the BBC it would be counterproductive to leave his
post before a permanent appointment was made.

Abuse victims data breach could cost £2.5m in damages

"It's important from my point of view that I continue for this next
number of months before the appointment of a commissioner, to make
sure that everything can be put in place," he said. "To step aside at
this stage would lose valuable months. However, an investigation will
take place and if in any way I am found to be personally culpable in
this matter, of course I'll have to consider my position."

One man who said he had been identified on the list, who asked only to
be referred to as PJ, said he would be taking legal action and that Mr
McAllister could not defend his position.

He also claimed his name had previously been published in error when
he gave evidence to the Historical Institutional Abuse Inquiry in
2014, which resulted in him being attacked.

"To say I am outraged is an understatement," he said. "This release of
victims' email addresses is no trivial matter and Brendan McAllister,
I believe, should very carefully consider his position."

He said the investigation needed to determine if proper security
procedures were in place to prevent a serious data breach.

A member of the St Patrick's Survivors group also said one of their
members had been included on the list and was extremely distressed.

"Every day [Mr McAllister stays in his post] is causing even further
pain and distress and the lack of action is unacceptable," they said.

However, Jon McCourt from the group Survivors North West said on
Sunday he did not believe Mr McAllister should step down, although the
breach had been highly embarrassing.

Yesterday he told the BBC that some members of the Rosetta Trust and
Survivors Together also backed him to stay.

"I saw the whole list and I was shocked. It was a massive breach of
confidentiality of all of those who were named," he said.

Mr McCourt noted that there had been a failed attempt to retrieve the
original email before the issue was made public.

"I'm looking at the impact that this has had on people that I have
spoken to over the weekend. They range from a feeling of betrayal
right through to anger, particularly from people who had previously
been victims of a breach of confidentiality through the HIA.

"This was a double hit for them. Without doubt this has had a massive
personal impact for people who engage with the inquiry."


More information about the BreachExchange mailing list