The head of Rape Crisis Scotland, who offered up phone numbers of survivors, was cleared over complaints that her actions amounted to a data breach.
In September, Chief Executive Sandy Brindley asked if the Sunday Mail wanted the phone numbers of women who used the centre to bolster her role when questioned over calls for her to quit.
But hours after the publication of our story, we can now reveal the charity received a number of complaints.
One stated Brindley’s actions had amounted to “an action of gross misconduct” and a breach of the charity’s “privacy policy as well as a data protection violation.”
Another also asked if any data breach had been reported to the Information Commissioner.
Brindley, who has refused to resign following a damning report into the scandal surrounding transwoman Mridul Wadhwa who ran Edinburgh’s sexual violence support service had said to the Sunday Mail: “If you do want the numbers of some rape survivors, let me know.”
She has come under fire after an independent probe this month found Wadhwa “did not understand the limits of her authority”, rape survivors were not prioritised and single sex services not protected”.
Wadhwa – who was backed by Brindley – claimed rape victims who wanted single sex care were bigoted and “should “reframe their trauma”.
Asked about the complaints, a spokeswoman for Rape Crisis Scotland said: “Rape Crisis Scotland has undertaken a robust review – supported by external legal advice – on the complaints received and specifically of the circumstances the complaints concern.
“The review established, and the legal advice confirmed, that there was no breach of data protection laws, and no notification was required to be made to the ICO.”
The Information Commission confirmed they had not received a data breach report from Rape Crisis Scotland.
An ICO spokesperson said: “People have the right to expect that organisations will handle their personal information securely and responsibly.
“If a person has concerns about how their data has been handled, they should raise these concerns with the organisation first, then report them to us if they are not satisfied with the response.”
For Women Scotland said: “At this point, we can barely raise an eyebrow that an internal investigation into their own CEO only merited a one-liner to the effect that, “we checked and found we have done nothing wrong”.
“Credible and repeated reports of a data breach involving offering to hand over rape survivors details is clearly too insignificant to consider following the normal process of self-reporting to the Information Commissioner.
“And informing complainers that they were not service users sounds ominously like RCS was again conducting a further breach in checking names against their records.
“Such a lifeline service for women HAS to do better than this, and if the Board can’t work to restore women’s trust in their service then they should all ship out and leave it to those who can bring about a much need improvement.”
Mary Howden of campaign group, Women’s Rights Network Scotland, said: “The Women’s Rights Network Scotland were astonished to read that Sandy Brindley had provided contact details of service users to give supportive statements of her position to the press.
“Services which work with women and girls who have experienced sexual violence should be hypervigilant to the need for confidentiality and risk assess whether any information provided would breach data protection.
“This is another example of incompetence and loss of trust. How many more mistakes are the Trustees of RCS prepared to accept before Brindley is sacked.”
Don’t miss the latest news from around Scotland and beyond – Sign up to our daily newsletter here.