May 9, 2016
Two separate data breach fines have been issued against NHS trusts in the past seven days—the same week that it was revealed that Google had been controversially granted access to the confidential patient records of 1.6 million Brits.
On Monday, the Information Commissioner’s Office confirmed that it had taken action against 56 Dean Street—a Soho, London-based sexual health clinic—after it revealed the email addresses of more than 700 users of its HIV service.
The clinic – which is run by Chelsea and Westminster Hospital NHS Foundation Trust – has been fined £180,000 following what the ICO described as a “serious breach of the Data Protection Act.”
A newsletter, circulated by the clinic last September, mistakenly revealed the email addresses of all the other recipients on the list, after the details had been inputted into the “to” field, rather than the “bcc” field. The newsletter went out to 781 people, of which 730 contained people’s full names.