HIV Scotland

€11,800

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

18 de octubre de 2021

Autoridad

Information Commissioner (ICO)

GB

Sector

Individuals and Private Associations

País

GB

Ley

GDPR

Estado

FINAL

Descripción

The British DPA (ICO) has imposed a fine of EUR 11,800 on the non-profit organization HIV Scotland. The controller had sent an e-mail to 105 people, with e-mail addresses on the mailing list visible to all recipients. In the case of 65 of the e-mail addresses, persons could be identified by name. It was possible to draw conclusions about the individuals' HIV status or risk based on the personal data provided.The DPA found that the organization had failed to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. For example, the organization had conducted inadequate employee training and used improper methods for sending bulk e-mails via blind copy (bcc).

Citas legales

Art. 5 (1)Art. 32 (1)

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Norwegian Supervisory Authority (Datatilsynet) - Ø...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.