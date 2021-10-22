
HIV Scotland fined £10,000 for sending bulk email which identified recipients

By Press Association
October 22 2021, 12.13pm
The charity sent out an email using the CC function instead of BCC, meaning recipients could see who else had been sent it (Dominick Lipinski/PA)

All organisations are being urged to revisit their bulk email policies after a data protection breach led to the charity HIV Scotland being fined £10,000.

The Information Commissioner’s Office fined the charity after it sent a bulk email to 105 people in February 2020.

The email contained the agenda for an event of HIV Scotland’s Community Advisory Network, which brings together patient advocates from across the country.

However, the email used the carbon copy (CC) rather than the blind carbon copy (BCC) feature, meaning everyone who received the email could see the other recipients.

The email addresses could identify 65 people by name, and the ICO said an assumption could be made about their HIV status or risk based on this.

HIV Scotland contacted the ICO and submitted a data breach report on the same day as the incident.

The charity’s chief executive apologised to all those involved in the breach, with the mistake being put down to “human error”.

An ICO investigation found shortcomings in the charity’s email procedures and inadequate staff training.

It found that the charity had procured the Mailchimp system to send secure emails in July 2019, but had not fully implemented it at the time of the data breach.

The ICO’s ruling said this “represents a serious and negligent failure to take appropriate organisational and technical steps to reduce the possibility of an incident occurring”.

Ken Macdonald, head of ICO Regions, said: “All personal data is important but the very nature of HIV Scotland’s work should have compelled it to take particular care.

“This avoidable error caused distress to the very people the charity seeks to help.

“I would encourage all organisations to revisit their bulk email policies to ensure they have robust procedures in place.”

