UK Regulator: HIV Data Protection Must Improve

The UK’s Information Commissioner’s Office (ICO) has called for “serious improvements” to data protection processes for organizations handling information on HIV sufferers, after reprimanding an NHS body.
It said NHS Highland emailed 37 people likely to be accessing HIV services, but mistakenly used the CC rather than BCC function, exposing their details to each other.
According to the ICO, one person confirmed that they recognized four other individuals on the email list, one of whom was a previous sexual partner. Two patients submitted formal complaints to NHS Highland, with one of them making more than one complaint.
NHS Highland escaped a £35,000 fine in line with the regulator’s new lighter-touch approach with public sector bodies, but the ICO slammed the health board for a “serious breach of trust.”
It also used the opportunity to remind any organization handling highly sensitive information of this sort that they must take extra care.
ICO deputy commissioner for regulatory supervision, Stephen Bonner, argued that HIV service providers must set the highest standards in data protection.
“The stakes are just too high. Research shows that people living with HIV have experienced stigma or discrimination due to their status, which means organizations dealing with this type of information should take the utmost care with their personal data,” he added.
“Every HIV service provider in the country should look at this case and see it as a crucial learning experience. We are calling on organizations to raise their data protection standards and put the appropriate measures in place to keep people safe.”
As part of the reprimand, NHS Highland will now have to review data protection and email policies, including the use of group emails, and use the “appropriate technical and organizational measures” when sending group emails containing highly sensitive information. It should also consider running an internal UK GDPR training compliance assessment, the ICO said.