HIV Scotland

€11,800

Insufficient technical and organisational measures to ensure information security

Datum för beslut

18 oktober 2021

Myndighet

Information Commissioner (ICO)

GB

Sektor

Individuals and Private Associations

Land

GB

Lag

GDPR

Status

FINAL

Beskrivning

The British DPA (ICO) has imposed a fine of EUR 11,800 on the non-profit organization HIV Scotland. The controller had sent an e-mail to 105 people, with e-mail addresses on the mailing list visible to all recipients. In the case of 65 of the e-mail addresses, persons could be identified by name. It was possible to draw conclusions about the individuals' HIV status or risk based on the personal data provided.The DPA found that the organization had failed to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. For example, the organization had conducted inadequate employee training and used improper methods for sending bulk e-mails via blind copy (bcc).

Rättsliga hänvisningar

Art. 5 (1)Art. 32 (1)

Frågor och överträdelser

Insufficient technical and organisational measures to ensure information security
Visa officiellt dokument
Tillbaka till databasen för böter
Föregående Fine
Norwegian Supervisory Authority (Datatilsynet) - Ø...
Nästa Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Håll dig uppdaterad om efterlevnaden av sekretessreglerna

Vi respekterar din integritet. Ett e-postmeddelande per månad, ingen skräppost, avsluta prenumerationen när som helst.