Brendan McAllister, the interim Commissioner for Victims appointed in the wake of the report of the Historical Institutional Abuse Inquiry (HIAI), has indicated he will not be stepping down after a serious breach in data regulations. He has issued an apology following the breach involving the identification of 250 survivors of historical abuse.
The breach occurred when a newsletter was sent to those registered with his office on Friday. The email however did not ensure that the names and email addresses for the recipients had been anonymised.
Some of those names were of applicants to the HIAI and many had elected to maintain their anonymity during that process.
One victim confirmed that he had seen a name of a person he had identified as someone who had abused him while he was in care. Many victims are upset and angry as some had not even told friends and family of their abuse or their involvement with the HIAI, the Commissioner or potentially Redress schemes.
Mr McAllister has indicated that investigations are underway to discover how the leak occurred and accepts that steps need to be taken to restore confidence in the process. This is likely to be a tough task. Jon McCourt, a spokesman for some former residents has confirmed a “feeling of betrayal and trust” but has stopped short of calling for Mr McAllister to resign. Others have not accepted the apology and feel that Mr McAllister has to step down.
Mr McAllister was not a universally accepted appointment when it became known he had started the process of becoming a Deacon in the Catholic Church and this latest error will increase the pressure on him from some sources to step aside from his role. As yet the full time role of a Commissioner has not been filled and the present interim role is one which would be hard to fill.
The breach does remind us all of how sensitive the information handled can be and the present remote working arrangements can lead to more data being sent via email than was previously the case. It is essential that we maintain high levels of security and ensure that emails being “forwarded” or replied to do not include wrong recipients. The “reply all” function can create significant problems and forwarding long chain emails can lead to names of parties being known to others people.