Global Data & Privacy Update - 4 September 2015

Author:Ms Margaret Tofalides
Profession:Clyde & Co

London sexual health clinic reveals patient HIV status after "human mistake"

The 56 Dean Street clinic, which is run by the Chelsea and Westminster hospital NHS trust, on Tuesday emailed a newsletter to 780 patients who had signed up to the clinic's Option E service, which allows patients being treated for HIV to book appointments and receive test results by email. Recipients' details are usually hidden from view, but an employee error meant that patients' full names and email addresses were exposed. Health Secretary, Jeremy Hunt described the breach as "completely unacceptable" and said that a "thorough and independent review" of NHS data security measures would be conducted. The ICO is investigating.

Holiday operator admits 500 customers' data was shared "in error"

Travel and holiday operator Thomson has reported it committed a data breach by mistakenly sending an email containing the personal data of almost 500 UK customers earlier this month. The message listed the names, addresses, contact details, dates of travel and the amount unpaid by the customer. Thomson has apologised for the breach but is reportedly not offering compensation to those affected.

ICO investigates distressing cold calls by home security company

The ICO is investigating reports that hundreds of residents in Leicestershire were awoken in the early hours to sinister automated cold calls telling them their homes were at risk of burglary. The message warned homeowners in Market Harborough and nearby villages they could no longer rely on the police to protect their properties and urged them to arrange an appointment with a security company. It is illegal to send automated communications to households under the Privacy and Electronic Communications Regulations 2003. Late last week the ICO said it had identified the marketing agency behind the calls, and was attempting to identify the security company.

US retailers to assume greater responsibility for fraud

Under new rules which come into force on 1 October retailers could find themselves bearing the costly fall-out of data breaches. After this date, liability for credit and debit card fraud will pass from the card provider to the retailer under certain specified...

To continue reading