[MyData & Open Data] London HIV clinic accidentally reveals hundreds of patients' identities

Walter van Holst walter.van.holst at xs4all.nl
Wed Sep 2 14:32:06 UTC 2015

On 2015-09-02 16:12, Zara Rahman wrote:
> ..and to add to that, the recipients of the newsletter never actually
> *signed up* to receive the newsletter, they just seem to have been
> added without an opt-in.

Which is dodgy from an ethical point of view, and definitely from a data 
protection perspective. It is not out of line regarding anti-spam 
legislation though: there was an existing relationship.

That said, the mere existence of that newsletter is an appalling breach 
of doctor-patient confidentiality to begin with. Even without their 
monumental screw-up regarding the use of the To: or Cc: field.

Let's hope both CIO and whatever government agency is in charge of 
regulating healthcare in the UK throws the book at them. All of this is 
a less useful example of open data and privacy issues. It's too bleeding 



More information about the mydata-open-data mailing list