Data breach of Historical Institutional Abuse victims' e-mails 'deeply regrettable'

  • This week, Northern Ireland’s Executive Office published the investigation report into a major data breach which occurred in the Historical Institutional Abuse (HIA) Interim Advocate’s Office.

    The data breach occurred on 22 May 2020, while staff from the Interim Advocate’s office were issuing the Interim Advocate’s newsletter.

    250 email addresses were shared via the e-mailed newsletter, which included those of victims and survivors - some of whom may have opted to remain anonymous throughout the HIA Inquiry.

    The recipients were visible to all who received the e-mail. The Executive stated that “it was a deeply regrettable incident which had a significant impact on victims and survivors.”

    The Group Internal Audit and Fraud Investigation Service was tasked by The Executive Office to carry out an independent investigation into the incident.

    The aim of the investigation was to establish the circumstances which led to the release of the e-mail addresses and make recommendations to address any system weaknesses that were identified during the investigation.

    RELATED: SMEs and the risks of under-protecting data: A conversation with a barrister

    The investigation concluded that the data breach was attributed to procedural error.

    The Executive added in a press release that a total of nine recommendations have been made to prevent a reoccurrence of this incident, and to improve data protection and information management arrangements within the Interim Advocate’s Office.

    The Executive Office said these are being taken forward as a “matter of urgency”.

    The availability of independent support for those affected by the breach was put in place following the incident, and remains available.

    The matter has been notified to the Information Commissioner’s Office, which will conduct its own investigation separately.

    RELATED: Tech Craic: Wayne Denner - Online safety and cybersecurity

    Some of the historical abuse survivors in Derry have given their backing to the Interim Advocate’s Office despite the breach, although when the incident initially occurred in May, Ulster Unionist MLA, Doug Beattie MC, called for Interim Advocate Brendan McAllister to step down.

    He said: "The data breach from the office of the Interim Advocate for Historical Institutional Abuse is devastating for many of the victims.

    "Having been abused, many fought for justice with anonymity the only armour they had in their defence. Now that anonymity has been breached by a lack of due diligence and clear data protection protocols. 

    "Victims must come first in all we do, and establishing and maintaining confidence and trust is at the heart of helping victims. If there is no confidence and trust then we are failing victims."

    At the time, Mr McAllister apologised for the e-mail disclosure and said measures were immediately taken to recall it, and “in keeping with required procedures the incident was reported to the Information Commissioner.”

    RELATED: NI EasyJet customers to sue airline for violation of privacy

    The full report can be accessed on The Executive Office’s website at:

    About the author

    Niamh is a Sync NI writer with a previous background of working in FinTech and financial crime. She has a special interest in sports and emerging technologies. To connect with Niamh, feel free to send her an email or connect on Twitter.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

Share this story