ICO: ‘People living with HIV are being failed across the board when it comes to their privacy’

Information commissioner John Edwards has called for urgent improvements in the way that personal data is handled after warning that patients are being robbed of ‘basic dignity’ by information disclosures

UK information commissioner John Edwards has called for “urgent improvement” as persistent data breaches are denying HIV patients “basic dignity and privacy”. 

Edwards said the lack of action is leaving those with HIV subject “to stigma and prejudice”.

In recent years, the ICO has issued reprimands to NHS Highland and HIV Scotland for “serious data breaches” which exposed individuals living with the health condition. Both organisations used carbon copy (CC) instead of blind carbon copy (BCC) when sending emails to those suffering from the condition, meaning the recipients could see each other’s email addresses. In NHS Highland, one recipient confirmed they had recognised four other individuals, one of whom was a previous sexual partner.

Related content

The ICO is also calling for better staff training, appropriate technical procedures and prompt reporting from HIV services, to tackle the issue. The regulator has also been working with HIV and domestic abuse charities to improve the support given to people who have had their data breached. An update on this work is to be published soon.

Edwards said: “People living with HIV are being failed across the board when it comes to their privacy and urgent improvements are needed across the UK. We have seen repeated basic failures to keep their personal information safe – mistakes that are clear and easy to avoid. Over the past few decades, there have been remarkable advances in treatment and support for those living with HIV, but for people to be able to confidently use that support, they must be able to trust that when they share their personal information, it is being protected,” Edwards added.

Adam Freedman, policy, research and influencing manager at the National AIDS Trust, added: “Strong regulatory action is needed when organisations breach the protection of HIV status data, which unfortunately continues to carry with it more harmful stigma than other types of personal data. People living with HIV need the confidence to know that they have recourse when their data rights are breached, and to prevent the risk of further discrimination and harassment.”

The announcement comes after recent findings by the ICO revealed that the health sector accounts for more than a fifth of personal data breaches.

A version of this story originally appeared on PublicTechnology sister publication Holyrood

Sofia Villegas

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our newsletter