[MyData & Open Data] London HIV clinic accidentally reveals hundreds of patients' identities

Phil Booth phil at einsteinsattic.com
Wed Sep 2 22:19:55 UTC 2015

This all following on from another (cf. Carphone Warehouse/TalkTalk a couple
of weeks ago) major UK retailer's DP cock-up, which surfaced earlier this


It remains to be seen if their estimate of "40" is accurate...


-----Original Message-----
From: mydata-open-data [mailto:mydata-open-data-bounces at lists.okfn.org] On
Behalf Of Walter van Holst
Sent: 02 September 2015 15:32
To: mydata-open-data at lists.okfn.org
Subject: Re: [MyData & Open Data] London HIV clinic accidentally reveals
hundreds of patients' identities

On 2015-09-02 16:12, Zara Rahman wrote:
> ..and to add to that, the recipients of the newsletter never actually
> *signed up* to receive the newsletter, they just seem to have been
> added without an opt-in.

Which is dodgy from an ethical point of view, and definitely from a data 
protection perspective. It is not out of line regarding anti-spam 
legislation though: there was an existing relationship.

That said, the mere existence of that newsletter is an appalling breach 
of doctor-patient confidentiality to begin with. Even without their 
monumental screw-up regarding the use of the To: or Cc: field.

Let's hope both CIO and whatever government agency is in charge of 
regulating healthcare in the UK throws the book at them. All of this is 
a less useful example of open data and privacy issues. It's too bleeding 


mydata-open-data mailing list
mydata-open-data at lists.okfn.org

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2015.0.6125 / Virus Database: 4409/10560 - Release Date: 09/02/15

More information about the mydata-open-data mailing list