Persistent data breaches deny people with HIV dignity, privacy

[Pelican Press 0]

Persistent data breaches deny people with **** dignity, privacy

Charities and healthcare organisations working with **** positive people are persistently failing to take account of their basic data protection and privacy needs, with frequent data breaches that expose people’s **** status denying those living with the condition **** “basic dignity and privacy”, the

This is the hidden content, please

• Sign In
• or
• Sign Up

(ICO) has warned.

Advances in ***** technology have rendered **** a manageable long-term condition that in many cases

This is the hidden content, please

• Sign In
• or
• Sign Up

, and the introduction of

This is the hidden content, please

• Sign In
• or
• Sign Up

(PrEP) has seen infection rates plummet, especially among gay men.

However, the

This is the hidden content, please

• Sign In
• or
• Sign Up

against people whipped up in the 1980s and 1990s still lingers, and over 20 years later many living with the condition still feel that unfortunately, they cannot be open about their **** status.

As such, the ICO said there is a clear need to improve the support offered to people with **** when it comes to the handling of their sensitive information, and information commissioner John Edwards has now called for urgent improvements, saying the ICO stands ready to assist.

“People living with **** are being ******* across the board when it comes to their privacy and urgent improvements are needed across the ***. We have seen repeated basic failures to keep their personal information safe – mistakes that are clear and easy to avoid.

“Over the past few decades there have been remarkable advances in treatment and support for those living with ****, but for people to be able to confidently use that support, they must be able to trust that when they share their personal information, it is being protected,” said Edwards.

“We know from speaking to those living with **** and experts in the sector that these data breaches shatter the trust in these services. They also expose people to stigma and prejudice from wider society and deny them the basic dignity and privacy that we all expect when it comes to our health,” he added.

Edwards said the ICO takes such breaches very seriously and recognises the detrimental impact they can have on the lives of those affected. He called for the sector to do more swiftly implement cyber security improvements such as better training, prompt reporting of accidental breaches, and a particular focus of the use of the ****** copy (BCC) function when sending emails to large lists of people.

The ICO has previously fined two organisations in Scotland, NHS Highland and

This is the hidden content, please

• Sign In
• or
• Sign Up

, over incidents arising from the misuse of mailing lists. It has also today (30 April) issued a fine to the

This is the hidden content, please

• Sign In
• or
• Sign Up

, totalling £7,500, for a breach where emails supposed to be sent to people on an **** support programme were sent to 264 email addresses using the CC instead of the BCC function.

A total of 166 people with **** were indentifiable, or potentially identifiable, from this breach. Central YMCA has paid the fine in full, although the ICO pointed out that it got off lightly – the penalty could have run as high as £300,000, although this was reduced in line with the regulator’s controversial public sector approach.

“We are very supportive of today’s statement by the ICO. Strong regulatory action is needed when organisations breach protection of **** status data, which unfortunately continues to carry with it more harmful stigma than other types of personal data,” said Adam Freedman, policy, research and influencing manager at the

This is the hidden content, please

• Sign In
• or
• Sign Up

.

“People living with **** need the confidence to know that they have recourse when their data rights are breached, and to prevent risk of further discrimination and harassment. Someone’s **** status is personal data and it should be a person’s choice to decide whether or not they share that information.

“We are pleased to see the ICO recognising the detrimental impact such data breaches can have on people living with ****, and welcome this much needed intervention,” said Freedman.

Guidance for victims and support organisations

The ICO has also issued advice and guidance for people living with **** who have been the victim of a data breach disclosing their status, or any other personal data.

In these cases, your first action should always be to complain directly to the organisation in question. If they do not respond or you are dissatisfied with what they have to say, you can then

This is the hidden content, please

• Sign In
• or
• Sign Up

. You may also wish to contact support services such as the National AIDS Trust or the Terrence Higgins Trust.

The ICO will consider all complaints about how personal data is handled and whether or not it constitutes and infringement of the ***’s data protection laws, and will share its decision on next steps with complainants.

Ultimately, the regulator is empowered to make recommendations to put things right or to improve their security practices, but where it has significant concerns about an organisation’s ability to comply with data protection law, it can take formal enforcement action leading to the possibility of fines.

Organisations working with people with **** must be aware that someone’s **** status is still highly-sensitive information that must be handled carefully – people need to be able to trust their medical information is safe and only accessible by authorised people when seeking care or support.

Such organisations need to ensure their staff are thoroughly trained with role-specific, tailored and relevant help to give them confidence that they can handle personal data safely and securely. They should also be made clear on the data breach reporting services – under *** law breaches where there is a risk to people’s rights or freedoms, as is often the case with medical information, must be reported within 72 hours of becoming aware of them.

It should be made crystal clear what records staffers are allowed to access and to this end, organisations can also help themselves by putting in place appropriate technical measures, such as enhanced password security and access controls, to make sure personal information can only be seen by those with a clear and genuine need.

Finally, as noted already, stop using BCC when sending bulk communications. Although the BCC function stops the recipients of an email seeing each other’s data, the function is easily misused, either accidentally or on purpose, and is not enough on its own to properly protect data.

Organisations sending any personal data electronically

This is the hidden content, please

• Sign In
• or
• Sign Up

, such as bulk email services, mail merge, or a secure data transfer service.

This is the hidden content, please

• Sign In
• or
• Sign Up

#Persistent #data #breaches #deny #people #**** #dignity #privacy

This is the hidden content, please

• Sign In
• or
• Sign Up