Data breaches, where personal information is disclosed to the wrong people by mistake, can have serious repercussions for those involved in family law proceedings. In the most severe cases, these individuals and their families can be placed at risk of harm. These can include adoptive parents, foster carers and domestic abuse survivors.

What are the risks of data breaches in family law proceedings?

Unfortunately, it is not uncommon to see instances where personal information is disclosed to the wrong people by mistake in family law proceedings. There have been a number of recent cases where adoptive parents’ and foster carers’ personal data has been disclosed to the birth parents during or at the conclusion of proceedings. These may also be cases where the birth parents have been found by a Family Court to pose a risk of harm; have caused harm to the children or they oppose the children being placed for adoption or looked after by the Local Authority. Accordingly, there can be a considerable risk of harm to both the adoptive parents, carers and the children in many of these situations.

In cases of domestic abuse, survivors’ data, including their address, has been disclosed to perpetrators of abuse. The Domestic Abuse Commissioner for England and Wales, Nicole Jacobs, warns: ‘For victims of domestic abuse, a data breach can be a matter of life or death.’ Since July 2022, the Information Commissioner’s Office (ICO) has issued reprimands for 7 organisations following data breaches affecting survivors of domestic abuse. The possible consequences of a perpetrator inadvertently obtaining a victim’s personal data are plain; the victims of the data breaches are often placed at serious risk of harm.

In cases we have assisted with, clients have had to move house, implement extensive security measures or apply to the Family Court for protective measures to keep themselves and their families safe.

What steps can a family or individual take who have been affected by a data breach?

Claims can be brought not only for breach of the UK data protection law (the UK General Data Protection Regulation or ‘UK GDPR’, and the Data Protection Act 2018) but also for the tort of Misuse of Private Information (or ‘MOPI’). Depending on the circumstances, there may also have been a breach of the family’s human rights (namely Article 8, the right to respect for your private and family life, home and correspondence). The identity of parties can be protected in proceedings by way of an application for an anonymity order and reporting restrictions.

Families whose data has been breached are usually entitled to claim compensation. In situations where a family has had to relocate as a result of the data breach, or implement security measures such as CCTV and secure windows, the costs of moving house or implementing these measures may be recoverable. Other costs which may be recoverable include web searches and clean up costs to remove personal information which has been leaked or shared on the internet and the costs of applying to the Family Court for protective measures.

Damages are not just limited to quantifiable financial losses, but can also be claimed for emotional and psychological distress caused by the data breach. This can take into account the anxiety caused by knowing that the birth parents or perpetrator have access to personal data relating to their contact details or whereabouts.