HIV Scotland has been fined a staggering £10,000 by the Information Commissioner’s Office after incorrectly using the CC option as opposed to BCC when sending an email.
The email contained the agenda for an event of HIV Scotland’s Community Advisory Network, which brings together patient advocates.
However, using the carbon copy (CC) rather than the blind carbon copy (BCC) feature meant everyone who received the email could see 65 recipients by name.
Ken Macdonald, Head of ICO Regions, said:
“All personal data is important but the very nature of HIV Scotland’s work should have compelled it to take particular care. This avoidable error caused distress to the very people the charity seeks to help.
“I would encourage all organisations to revisit their bulk email policies to ensure they have robust procedures in place.”
Alastair Hudson, who was appointed interim chief executive of HIV Scotland in January, said:
“HIV Scotland takes full responsibility and unreservedly apologises to those who may have been impacted by the data breach and we continue to offer our full support in any way we can.
“Since installing our new team and board of trustees, we have taken robust steps to improve information security and we are confident that such an incident could not be repeated.
“For a small charity, financially, I cannot deny that this is a heavy blow. However, we will find a way to pay the £10k fine to the ICO.”
The charity had little more than £300,000 in income during 2020.
HIV Scotland has been given until 16 November 2021 to pay the fine.
All funds raised from fines are paid into the Government’s general bank account at the Bank of England.
charitytoday.co.uk | 24 October 2021