Notification of a Data Breach
At 10:30am yesterday (6th September) Cheshire FA was notified about a potential security breach.
On investigating this, it has become apparent that the details of our registered referees including; name, email address, phone number, address and dates of birth were shared by 2 League Referee Appointments Officers with a small number of club secretaries. In turn, some of these secretaries shared the information with managers.
Whilst we believe the above in each case to have been done by volunteers in good faith for the administration of the game, we consider that the release of this information to Clubs does amount to a breach of the data protection principles in the Data Protection Act 2018.
Since the breach, Cheshire FA has contacted every league, club and team manager that has received this information and requested the following:
- For the email to be deleted immediately
- To email Safeguarding@CheshireFA.com to confirm deletion of the email
- To inform us if they have passed the email onto anybody and if so, how many people, who and what are their contact details.
We have further contacted all leagues, clubs and team managers that received the initial communication regarding the issue to confirm deletion.
We are now satisfied that the data has been contained and that sufficient steps were taken quickly and effectively to ensure the risk of this breach was minimised.
We have reported this incident to the Information Commissioner’s Office and we are regularly updating them on this incident.
Summary:
We have emailed all referees affected by this breach.
We have reported the breach to relevant legal bodies.
We will be continuing to investigate this breach with the guidance of our legal advisors and the ICO.
If you have any queries regarding the data breach please contact Safeguarding@CheshireFA.com
