Header image

ICO Hits Out at Repeated Data Breaches Related to HIV Status

ICO reprimands lack of protection on personal data related to people living HIV.

People living with HIV are denied “basic dignity and privacy” by repeated data breaches that disclose their HIV status, says the Information Commissioner’s Office.

Information Commissioner John Edwards has called for urgent improvements following several data breaches, as well as concerns raised by some of the largest HIV organisations in the country.

In a statement, Edwards said repeated basic failures - that are clear and easy to avoid - to keep personal information safe are made, and data breaches shatter the trust in these services.

He said: “Over the past few decades there have been remarkable advances in treatment and support for those living with HIV, but for people to be able to confidently use that support, they must be able to trust that when they share their personal information, it is being protected.

“The ICO takes each one of these data breaches very seriously and recognises the detrimental impact they can have on the lives of those affected. We are making sure that the improvements we all want to see, such as better training, prompt reporting of personal information breaches and ending the use of BCC for sensitive communications, are being implemented as swiftly as possible.”

Previous breaches include 166 people affected when the Central YMCA sent an email using “CC” rather than “BCC” this week, while  fines or reprimands for data breaches affecting people living with HIV to charity HIV Scotland and health board NHS Highland


Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.