Over the last two days we have blogged about two of the most prevalent forms of business disruption: IT outages and product recalls. Today we turn our attention to another very common, and growing, form of disruption: data breaches.
It was announced last week that Chelsea and Westminster Hospital NHS Foundation Trust has been fined £180,000 by the Information Commissioner’s Office (ICO) for the high-profile data breach at the 56 Dean Street Clinic last year. You may recall that in September 2015, the clinic sent an email newsletter to over 700 service users in a way that showed each recipient the email addresses of all the other recipients. The ICO has ruled that this was a serious breach of the Data Protection Act, commenting:
“It is clear that this breach caused a great deal of upset to the people affected. The clinic served a small area of London, and we know that people recognised other names on the list, and feared their own name would be recognised too. That our investigation found this wasn’t the first mistake of this type by the Trust only adds to what was a serious breach of the law.”