After being alerted to the potential and real dangers of data tracing for victims and survivors of domestic abuse, the Information Commissioner’s Office (ICO) conducted an overview of data protection practices of the UK tracing agent sector.
An undisclosed women’s charity told the ICO that a tracing agent had tracked down a domestic abuse victim to their place of safety at a refuge and passed this personal information to their abusive partner, prompting the investigation.
As part of the investigation, the ICO contacted tracing companies and professional association about their role and responsibility to members, as well discussing with groups supporting victims of domestic abuse, the National Police Chief’s Council, and the Home Office.
While the ICO’s findings did not put tracing companies and private investigators at fault, its investigation revealed that domestic abusers are using readily available and affordable technology to trace ex-partners in a worrying trend the ICO provided no remedy for.
Many of the tracing agents the ICO spoke to demonstrated an awareness of the potential risks to vulnerable people and victims of domestic abuse if they are traced. This includes requiring a person’s consent before sharing their data for ‘lost family or friend’ and ‘ex-partner’ tracing, and not starting a trace for a person believed to be vulnerable.
The ICO also found that private investigator industry bodies encourage data protection compliance and provide relevant training and resources to their members.
According to the ICO, its investigations therefore did not reveal evidence where tracing agents had been directly involved with the sharing of victim’s details.
When speaking with industry experts and charities, a deeper issue was highlighted – abusers are able to use easily accessible mainstream technology themselves to trace their victims. This includes inserting AirTags into cuddly toys given to children at supervised visits, as well as tracking victims via smart phones and watches and through searches on social media profiles.
Recommendations for Tracing Agents
The ICO did release some guidance and recommendations for tracing agents though they found no evidence of non-compliance with data protection law.
The advice includes ensuring that any impact of a trace on a person is justified, and safeguarding policies are followed and continually assessed for risk.
Further, data security and privacy measures should be integrated into all data protection activities. Agents need to consider and safeguard information rights, and people being traced should also be provided with the information they need to exercise their data protection rights, such as the right to be informed or the right of access to their personal information.
Agents should also conduct an audit of their policies and procedures to ensure they are complying with data protection law.
Protecting Information Rights of Domestic Abuse Victims
The ICO has promised to continue to work with charities and rights organisations to ensure the personal information of domestic abuse victims are handled appropriately and safely.
“As highlighted, advances in technology and popularity of social media mean that perpetrators have an enhanced level of access to information about their partner and children,” its statement said.
Further, new NHS data sharing regulations have also raised alarm bells for domestic abuse charities, as the sharing of medical data can put people at greater risk of abuse.