London sexual health clinic reveals patient HIV status after “human mistake”

The 56 Dean Street clinic, which is run by the Chelsea and Westminster hospital NHS trust, on Tuesday emailed a newsletter to 780 patients who had signed up to the clinic’s Option E service, which allows patients being treated for HIV to book appointments and receive test results by email. Recipients’ details are usually hidden from view, but an employee error meant that patients’ full names and email addresses were exposed. Health Secretary, Jeremy Hunt described the breach as “completely unacceptable” and said that a “thorough and independent review” of NHS data security measures would be conducted. The ICO is investigating.

Holiday operator admits 500 customers’ data was shared “in error”

Travel and holiday operator Thomson has reported it committed a data breach by mistakenly sending an email containing the personal data of almost 500 UK customers earlier this month. The message listed the names, addresses, contact details, dates of travel and the amount unpaid by the customer. Thomson has apologised for the breach but is reportedly not offering compensation to those affected.

ICO investigates distressing cold calls by home security company

The ICO is investigating reports that hundreds of residents in Leicestershire were awoken in the early hours to sinister automated cold calls telling them their homes were at risk of burglary. The message warned homeowners in Market Harborough and nearby villages they could no longer rely on the police to protect their properties and urged them to arrange

an appointment with a security company. It is illegal to send automated communications to households under the Privacy and Electronic Communications Regulations 2003. Late last week the ICO said it had identified the marketing agency behind the calls, and was attempting to identify the security company.

US retailers to assume greater responsibility for fraud

Under new rules which come into force on 1 October retailers could find themselves bearing the costly fall-out of data breaches. After this date, liability for credit and debit card fraud will pass from the card provider to the retailer under certain specified circumstances. The change applies to payments processed via magnetic-strip technology on cards that are enabled with newer chip-and-pin technology. Retailers who continue to accept payments using the older, less secure magnetic strip will be liable for losses arising from fraud. It is estimated that a third of cardholders in the US will still be using the magneticstrip cards at the end of 2015.

Sony Pictures settles employee data breach litigation

At least ten former Sony employees sued the company in the US District Court in Los Angeles last year after their personal, financial and medical data was published online in the high-profile hack. Attorneys announced the deal just days before a September 14 hearing scheduled to decide whether the case would be granted class action status to represent around 50,000 current and former Sony employees. The terms of the settlement were not disclosed, but further details are expected to be filed in October.

UN Privacy chief calls for “data privacy Convention”

The UN’s privacy chief said the world needs a Convention on Privacy, to counteract governments’ ever-expanding surveillance of citizens and to protect consumers’ privacy in an increasingly connected digital environment. Joseph Cannataci told the Guardian newspaper that the UK government was among the worst offenders following recent legislation which allows it to hack citizens’ personal computers. He was speaking after allegations that US intelligence spied on UN officials with the help of a major telecommunications company. Cannataci, a professor of technology, also said companies had “created a model where people’s data has become the new currency”.