The YMCA was fined £7,500 by the ICO for a data breach that exposed email addresses of people living with HIV, leading to concerns about privacy. The breach occurred when emails intended for those in a HIV support program were mistakenly sent using carbon copy (CC) instead of blind carbon copy (BCC), revealing the addresses to all recipients. This incident highlighted the need for stronger protections for individuals with sensitive medical conditions, with calls for improved data protection standards in health services
The ICO emphasized the importance of handling HIV status information with sensitivity and discretion, and stressed the significance of using proper data protection measures, especially in the health sector. This breach adds to the list of similar incidents where BCC errors have led to privacy breaches, prompting the ICO to issue warnings to organizations to use secure email practices for handling sensitive personal information. https://www.infosecurity-magazine.com/news/ico-raises-concerns-privacy-hiv/