ICO fines HIV Scotland for email data protection breach
News and information from the Advent IM team.
The Information Commissioner’s Office (ICO) has fined the charity HIV Scotland £10,000 for a breach of data protection law through an emailing.
It sent an email in February 2020 to 105 people which included patient advocates representing people living in Scotland with HIV. All the email addresses were visible to all recipients, and 65 of the addresses identified people by name.
The ICO said that from the personal data disclosed, an assumption could be made about individuals’ HIV status or risk.
Its investigation found shortcomings in HIV Scotland’s email procedures, including inadequate staff training, incorrect methods of sending bulk emails by blind carbon copy (bcc), and an inadequate data protection policy.
Read via UK Authority