Age UK has confirmed that thousands of current and past staff are affected by two data breaches which occurred at the end of last year, meaning it is likely to cost the charity tens of thousands of pounds.
The ICO confirmed yesterday that it was investigating two breaches at the charity. Age UK has now confirmed that the breach affects all staff, current and past, employed since January 2013.
The charity estimates that as many as 5,000 people may have been affected.
The charity has written to current and former employees to tell them that there were two incidents at the end of last year which mean people’s names, addresses, date of birth and national insurance number have been lost.
It is being investigated by the Information Commissioner’s Office and the Charity Commission has said it is in contact with the charity.
Yesterday the charity said it would pay for CIFAS Protective Registration for affected staff. This costs £20 per person for two years’ coverage, meaning the cost to the charity could be up to £100,000.
Charity Commission statement
A Charity Commission spokesman said: “The Commission is aware of an incident involving employees’ personal data at Age UK. Following data protection law is a critical compliance area for any charity that handles personal information, and the Commission has issued alerts to advise trustees on this.
“As the regulator responsible for data, the Information Commissioner’s Office will lead any regulatory engagement in relation to this data breach. We are in contact with the charity and are assessing information provided to establish whether trustees have met their legal duties and if there is a further regulatory role for us.”