Security News > 2021 > October > HIV Scotland fined £10,000 for BCC email blunder identifying names of virus-carriers' patient-advocates

HIV Scotland fined £10,000 for BCC email blunder identifying names of virus-carriers' patient-advocates
2021-10-25 11:48

The United Kingdom's data watchdog is calling on organisations to review their "Bulk email practices" after a BCC blunder by HIV Scotland incurred a £10,000 fine for breaking data protection regulations.

The case pertains to an email that was sent to 105 individuals on the Community Advisory Network list, which is made up of patient-advocates "From across Scotland to represent the full diversity of people living with HIV".

The Information Commissioner's Office, which investigated the February 2020 email event, said that from the personal information exposed, assumptions could be made about the people's HIV status or risk.

On 3 February last year, HIV Scotland hit send on an email - relating to an event about to take place - via Microsoft Outlook, relaying the missive to 105 folk on the CAN. Instead of opting for the Blind Carbon Copy feature, it used Carbon Copy.

"All personal data is important but the very nature of HIV Scotland's work should have compelled it to take particular care," said Ken McDonald, head of ICO Regions.

HIV Scotland was penalised with a £10,000 fine under section 155 of the Data Protection Act 2018.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/25/hiv_scotland_email_fail/