Bristol City Council has recently been at the centre of a significant data breach by accidentally revealing names of disabled children to other parents. 

An email was sent out which was intended to collect feedback from primary carers regarding a recently introduced support service.

However, when the email was composed, the sender included all of the email addresses of the primary carers and the children’s names, all of which were viewable to all recipients of the email. 

This issue is becoming a significant problem leading to data breaches, with senders choosing to copy all addresses in rather than opting for the blind carbon copy (BCC) which hides the other email addresses from the recipients when sending out emails to lists of people.

An upset parent revealed that 487 names of children and their carers were visible to one another, although they expected this was just a fraction of how many it affected, as this only included people with the surnames H to L.

The case has been referred to the Information Commissioner’s Office for further investigation. 

If you have been affected by a similar situation, contact Emerald Law to discuss the next steps.