Offers of compensation have been made to more than 40 victims of historical institutional abuse after their details were leaked in a data breach, a solicitor for the victims has confirmed.
here was uproar earlier this year when a newsletter from the Interim Advocate's Office was emailed to 251 people. However, the recipients' names were included when they should have been made anonymised.
The email was sent by the office manager on behalf of Brendan McAllister.
Some 248 of those emails were to external recipients, while three were internal.
Interim Victims' Advocate Brendan McAllister apologised. He resisted calls to step down saying it would be counterproductive without a permanent appointment made.
An investigation blamed a "procedural error" and a full review of how information was managed by the office ordered.
Speaking to the Belfast Telegraph, Kevin Winters, a solicitor representing 40 of the victims across three victims' groups, confirmed offers of compensation have been made to all of his clients. He said he could not comment further due to ongoing negotiations.
In a statement to the Belfast Telegraph, an Executive Office spokesperson said: “This was a deeply regrettable incident and we recognise the significant impact on victims and survivors.
“Letters have been received claiming damages in respect of the breach. The Executive Office is currently in negotiation with claimants.
“As these are matters which may in due course come before the Courts, it would not be appropriate to comment further on the claims at this stage.”
An investigation found the office manager copied a mailing list into the 'To' field of the email rather than the 'Bcc' field, which would have kept the recipients' names anonymous.
Many of the individuals were involved in the Historical Institutional Abuse (HIA) Inquiry and wished to remain anonymous.
The report also uncovered issues with the office's data protection officer role (DPO), whose job it is to monitor and advise on General Data Protection Regulation (GDPR) rules.
While the DPO is required to be an "independent expert in data protection", this role was filled on an interim basis by the office manager, and there were "concerns expressed (by the senior accountable officer and the office manager) that the office manager may not have the skills or training for the DPO role; the intention was that once additional staff were in place, the DPO role would be revisited."
Investigators also concluded there were problems around some victims giving adequate consent to be included on the mailing list.
Nine recommendations were made in the report with Mr McAllister pledging to implement them in full.
Many victims have indicated that they intend to sue for damages, which a legal source telling the Belfast Telegraph that cost as much as £2.5m.