The collapse of a stack of storage boxes was the incident that triggered a serious data breach at a crisis helpline provider in Londonderry, an investigation has found.
Confidential file notes on clients who had rung the Lifeline service were discovered blowing around outside the offices of charity organisation Contact in the city this summer.
Names of people who had called for counselling were visible on some of the documents, which were found strewn on roads and pavements and even floating in the River Foyle.
Contact operates Lifeline on behalf of the Public Health Agency.
The external investigation found that the storage stack collapsed and fell against - and consequently opened - an emergency door in Contact’s sixth-floor office in the Embassy building in the early hours of Sunday July 22.
The papers then fell out of the door and were blown on to the area below.
The boxes had been stacked in the corridor pending transportation to Contact’s Belfast office for archiving and shredding.
The independent review of the breach was overseen by a panel chaired by Oscar Donnelly, director of mental health at the Northern health trust.
In response to the findings, Contact’s managing director Fergus Cumiskey said a range of measures had been introduced to ensure there could be no repeat.
These include the adoption of a computer-based paperless system for data management.
Mr Cumiskey said: “This has been a painful and difficult time for Contact staff. We made mistakes and I am extremely sorry this serious breach took place.
“We have, however, worked extremely hard in partnership with the external review panel to ensure such an incident cannot happen again.
“The independent review was a rigorous process, examining every aspect of our work and every recommendation made is being followed to the letter.
“As a result of the changes we have put in place, we believe we emerge as a much stronger business, invigorated for the daily challenges of the important work our crisis counsellors provide, supporting people through tough times of distress and despair.”
Contact reported the data breach to the Information Commissioner and the British Association for Counselling and Psychotherapy. It said both had been fully briefed on the progress of the review.