This website uses cookies for anonymised analytics and for account authentication. See our privacy and cookies policies for more information.

Third Force News

TFN

The voice of Scotland's vibrant voluntary sector
Get updates
Third Force News
Get TFN updates
Sign in Sign up
The voice of Scotland’s vibrant voluntary sector

Published by Scottish Council for Voluntary Organisations

TFN is published by the Scottish Council for Voluntary Organisations, Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh, EH3 6BB. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation. Registration number SC003558.

Third Force News
NEWS

Data breach leads to £10k fine for Scottish charity

This news post is over 2 years old
 

A new team and board of trustees have now taken "robust steps" to improve information security

A prominent Scottish charity has been fined £10,000 for a data protection breach.

The action was taken after HIV Scotland sent out an email containing the personal details of dozens of people.

The breach involved an email to 105 people, including patient advocates representing people living in Scotland with HIV.

All the email addresses were visible to recipients, and 65 identified people by name.

The Information Commissioner's Office (ICO) issued the penalty, with the watchdog saying that an assumption could be made about individuals' HIV status or risk from the personal data disclosed.

New interim chief executive Alastair Hudson said the charity took full responsibility and apologised unreservedly to anyone who had been affected by the data breach.

He said a new team and board of trustees had taken "robust steps" to improve information security.

Hudson added: "For a small charity, financially, I cannot deny that this is a heavy blow. However, we will find a way to pay the £10,000 fine to the ICO.

"As an organisation, HIV Scotland would like to re-iterate its commitment to providing a safe and supportive space where our stakeholders and networks can contribute to better health and wellbeing for those impacted by HIV and improving sexual health for all."

The ICO said its investigation of the incident in February found shortcomings in the Glasgow-based charity's email procedures.

These included inadequate staff training, incorrect methods of sending bulk emails and an inadequate data protection policy.

It also found that despite the charity's own recognition of the risks and the procurement of a more secure system for bulk messages, it was continuing to use a less secure method seven months later.

Ken Macdonald, head of ICO regions, said: "All personal data is important but the very nature of HIV Scotland's work should have compelled it to take particular care.

"This avoidable error caused distress to the very people the charity seeks to help."

 
New treasurer for SCVO
NEWS
8 Feb 2024
8 Feb 2024
 
Charities doing worse than private sector in staving off cyber attacks
NEWS
12 Apr 2024
12 Apr 2024
Latest news
 
Charities doing worse than private sector in staving off cyber attacks
NEWS
12 Apr 2024
12 Apr 2024
Popular posts
Inclusive teacher training programme launches Largest social care charity warns funding crisis is impacting service users' lives New head at top Scots cancer charityHow we designed change I never thought that it would happen to me 
 

Sign up for our twice-weekly bulletins, to get the latest news delivered to your inbox

Third Force News

Comments

Commenting is now closed on this post
 
LATEST NEWSLATEST FEATURESLATEST LISTSLATEST OPINIONLATEST POLLSPREMIUM