Data Protection Breach

27 July 2016

Data protection breach: Sending out bulk emails resulting in a fine of £180,000.*

The public has a general expectation that their personal data will be used lawfully and that additional security measures will be in place for ‘sensitive personal data’.

The case

An employee who worked for Chelsea and Westminster Hospital NHS Foundation Trust was tasked with sending out a newsletter to the users of its sexual health clinic. The employee prepared the newsletter for distribution and put all of the 730 email recipients’ details in the “to” field and sent the email which resulted in 730 full names and personal email address being on view to other recipients. The Information Commissioner’s Office was informed and during their investigation they found that a similar error had been made previously where a member of staff had emailed a questionnaire to 17 patients (putting their details in the “to” field) in relation to their HIV status and treatment.

The outcome

The ICO found that there had been no specific employee training following the earlier breach, although the Trust had put some remedial measures in place.  Despite this the Trust was fined £180,000 as these breaches could have been prevented by adequate rules being put in place and enforced by the employer.Laura Burnett

Laura Burnett, Employment Law Team Manager, says:

 

“Whilst it is fine to send out bulk emails to people in a database or selected groups, the key factor is to ensure their contact details are not on display to other recipients of the email. The only way to avoid breaching data protection rules is to insert the recipients’ details in the “bcc” field, not the “to” or “cc” fields. It is imperative to double check the addresses and the information disclosed before pressing “send”, otherwise the implications can be far reaching.”

If you are concerned about your employees in terms of potential data protection breaches, please contact us.

GET A FREE CONSULTATION

Get in touch and we'll organise a free audit of your business.

Pop in your details and we'll call you straight back

We'll get back to you as soon as we can.