19th July 2019

Confidential data of employees working at charity, Independent Age, has been accidentally disclosed to a former worker.

The data breach occurred when the charity responded to a former employee’s subject access request.

Independent Age says that the security breach compromised personal data, including bank information, account numbers, sort codes, pension contributions and wages details of almost all of its workforce.

The Charity Commission and the Information Commissioner’s Office were both informed of the data breach.

John Tranter, acting chief operating officer at Independent Age, said:

“We take our data protection and charity law responsibilities seriously. We are aware of this incident and reported the data security breach immediately to the ICO and the Charity Commission, who have confirmed that they will take no further action.

“All data has been securely deleted from the former colleague’s computer and no details were provided to any third parties. We are investigating how this occurred and will be putting in place further steps to minimise the risk of it happening again.”

It appears organisations have still not fully got to grips with data protection law and this likely explains what we believe to be a rise in the number of reported data breaches occurring in the UK. Whilst the above breach was acted upon relatively quickly and seemingly contained it does nonetheless serve as a further stark warning of the importance in ensuring you have measures in place to ensure data is protected.

At Ben Hoare Bell LLP we have significant experience in data protection.  If you wish to discuss a data breach please contact our Solicitors Richard Hardy richardhardy@benhoarebell.co.uk or Andrew Freckleton andrewfreckleton@benhoarebell.co.uk to discuss further.