HIV Scotland

€11,800

Insufficient technical and organisational measures to ensure information security

Dato for beslutning

18. oktober 2021

Myndighet

Information Commissioner (ICO)

GB

Sektor

Individuals and Private Associations

Land

GB

Lov og rett

GDPR

Status

FINAL

Beskrivelse

The British DPA (ICO) has imposed a fine of EUR 11,800 on the non-profit organization HIV Scotland. The controller had sent an e-mail to 105 people, with e-mail addresses on the mailing list visible to all recipients. In the case of 65 of the e-mail addresses, persons could be identified by name. It was possible to draw conclusions about the individuals' HIV status or risk based on the personal data provided.The DPA found that the organization had failed to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. For example, the organization had conducted inadequate employee training and used improper methods for sending bulk e-mails via blind copy (bcc).

Juridiske henvisninger

Art. 5 (1)Art. 32 (1)

Problemer og overtredelser

Insufficient technical and organisational measures to ensure information security
Se offisielt dokument
Tilbake til bøtedatabasen
Tidligere Fine
Norwegian Supervisory Authority (Datatilsynet) - Ø...
Neste bot
Data Protection Authority of Hamburg (HmbBfDI) - C...

Hold deg oppdatert om håndheving av personvern

Vi respekterer personvernet ditt. Én e-post per måned, ingen spam, avmelding når som helst.