A renowned sexual health clinic located in Soho, London could face a fine of up to £500,000 for accidentally releasing the names of hundreds of HIV positive patients. The leak occurred when patients were supposed to be blind-copied into an email and instead the details were sent as a group email. The clinic apologised shortly after sending the email on Tuesday, admitting the data breach was "unacceptable" and is said to be urgently investigating how it occurred.
The newsletter was reportedly sent to some 780 patients who had signed up to the clinic’s 'Option E' service, which lets people book appointments and receive test results by email. The leak meant that patients were able to see the names and addresses of other patients at the clinic. The clinic within hours of the leak occurring set up a helpline and sent patients a personal apology from Dr Alan McOwan, Chelsea and Westminster’s director for sexual health. Recipients were asked to delete the message immediately. The leak has prompted responses form the public who have confirmed that the email contained the names of friends who had never disclosed their HIV status before.
Further to this the release of this list exposed those affected to having their social media profiles looked up online and personal information found. Dr Alan McOwan, stated that the breach was a "devastating error".
This case illustrates the dangerous consequences of a data leak caused by human error which serves to severely impact on a person's life, reputation and privacy. It also highlights the facts that the leak could have been avoided and the need for more stringent processes to be in place in organisations like Dean Street who handle highly sensitive data on a day to day basis. Further claims are likely to arise against anyone who further publishes the information. An investigation is being undertaken by the NHS into how the leak occurred.