Bristol News From Chopsy Bristol
Bristol Education and SEND NewsBristol News

Bristol City Council Data Breach Releases Hundreds of Names of Disabled Children’s Families

Chopsy Baby
  • It’s the second time Bristol City Council has released details of families of disabled children, meaning they could use the same letter again

The personal information of parents and carers of disabled children in the city has been leaked by Bristol City Council in a second email blunder.

Families on Friday received an email from Disabled Children Services, the same team who had been responsible for releasing the names of disabled children as well as their parent carers’ emails in 2020.

More than 400 families received the email before it was recalled five minutes later

It wasn’t until much later in the afternoon that the council sent out an apology for the breach.

Text Below

The email, sent at 2.25pm on Friday read: ‘As you may be aware there was a breach of the General Data Protection Regulation (GDPR) this morning which affects you.

‘This means that personal information was shared this morning, which should not have been. We did not use ‘blind carbon copy’ when sending an email to you this morning, and as a result your email address could be viewed by everyone who received the email. This breach was caused by human error and I apologise unreservedly for any distress that this may have caused you or your family.

‘To mitigate this situation we have attempted to recall the email and would ask that anyone still in possession of the email delete it. We have informed our Data Protection team who will report this incident to the Information Commissioner’s Office (ICO). This is in line with the accepted process for reporting data breaches, and we will comply fully with their protocol.

‘I sincerely apologise for this error and want to reassure you that we have taken steps to find out what happened and why to help prevent this happening again.

‘If you have concerns about how Bristol City Council has handled your data, you can contact data.protection@bristol.gov.uk.  As stated above, we have reported this incident to the ICO, however, should you wish, you may independently refer this matter to them via their website, ico.org.uk.

‘Social Care Hub

‘Specialist Services for Disabled Children’

The email was a copy of the one sent by Ann James, Director of Children and Families, on 23 November 2020, with a minor alteration to reflect that this time, they didn’t release the names of the disabled children alongside the email addresses of their parent carers.

Text Below

The previous email on 23 November 2020 read: ‘As you may be aware there was a breach of the General Data Protection Regulation
(GDPR) this morning which affects you.

‘This means that personal information was shared this morning, which should not have been. We did not use ‘blind carbon copy’ when sending an email to you this morning, and as a result your child’s name and your email address could be viewed by everyone who received the email. This breach was caused by human error and I apologise unreservedly for any distress that this may have caused you or your family.

‘To mitigate this situation we have attempted to recall the email and would ask that anyone still in possession of the email delete it. We have informed our Data Protection team who will report this incident to the Information Commissioner’s Office (ICO). This is in line with the accepted process for reporting data breaches, and we will comply fully with their protocol.’


‘I sincerely apologise for this error and want to reassure you that we have taken steps to find out what happened and why to help prevent this happening again.’

‘Following a personal data breach an investigation is carried out into the causes. Where staff are found to be at fault the matter is addressed as a training issue, and where there have been failures in policy or process any necessary changes are made to reduce the risk of a similar incident occurring in the future. All staff are aware of their GDPR obligations and must take mandatory data protection and information security training annually.

‘In addition to an internal investigation, the ICO will also provide recommendations which Bristol City Council will act upon. If you have concerns about how Bristol City Council has handled your data, you can contact data.protection@bristol.gov.uk. As stated above, we have reported this incident to the ICO, however, should you wish, you may independently refer this matter to them via their website, ico.org.uk.’

The data blunder has caused further upset in a community already experiencing a ‘fractured’ relationship with the Local Authority over historic Send failures. Whilst the names of children were not released alongside email addresses this time, the names of the families will reveal to others who in Bristol has a disabled child.

More from Chopsy Bristol
Find us on Twitter: https://twitter.com/ChopsyBristol