HIV Scotland

€11,800

Insufficient technical and organisational measures to ensure information security

Dato for beslutning

18. oktober 2021

Myndighed

Information Commissioner (ICO)

GB

Sektor

Individuals and Private Associations

Land

GB

Lovgivning

GDPR

Status

FINAL

Beskrivelse

The British DPA (ICO) has imposed a fine of EUR 11,800 on the non-profit organization HIV Scotland. The controller had sent an e-mail to 105 people, with e-mail addresses on the mailing list visible to all recipients. In the case of 65 of the e-mail addresses, persons could be identified by name. It was possible to draw conclusions about the individuals' HIV status or risk based on the personal data provided.The DPA found that the organization had failed to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. For example, the organization had conducted inadequate employee training and used improper methods for sending bulk e-mails via blind copy (bcc).

Juridiske citater

Art. 5 (1)Art. 32 (1)

Problemer og overtrædelser

Insufficient technical and organisational measures to ensure information security
Se officielt dokument
Tilbage til bøde-databasen
Forrige bøde
Norwegian Supervisory Authority (Datatilsynet) - Ø...
Næste bøde
Data Protection Authority of Hamburg (HmbBfDI) - C...

Hold dig opdateret om håndhævelse af privatlivets fred

Vi respekterer dit privatliv. En e-mail om måneden, ingen spam, afmeld når som helst.