Independent Inquiry into Child Sexual Abuse (UK) Data Breach (2017)

The UK's data watchdog today issued the Independent Inquiry into Child Sexual Abuse (IICSA) a £200,000 penalty after it sent a bulk email to participants that identified possible victims of historical crimes. A employee of the inquiry fired a blind carbon copy (BCC) email to 90 people participating to inform them of a public hearing. Upon realizing their error, a correction was issued but email addresses were mistakenly entered into the "to" field rather than BCC.