It has not been a good week for online privacy in the UK. Newsagent and bookstore WH Smith was subject to a security bug that resulted in the personal details of people on its mailing list being sent to other customers. Information including names and addresses was mistakenly leaked due to an error in the company’s online ‘Contact Us’ page. Even when customers filled in the contact form to inform the company of the issue, they found their comments were re-circulated around the mailing list.
But that wasn’t the biggest loss of privacy to occur this week. A sexual health clinic in London accidentally released the HIV positive status of almost 800 of its patients in a newsletter email; information usually required to be held in the strictest confidence. The email includes the names of patients that can easily be entered into a Facebook search, meaning the identities of HIV positive individuals who may not have disclosed their situation to their friends and families are now vulnerable.
“Obviously, the hospital is leading a review to find out how this happened and make sure it doesn’t happen again,” says an official spokesperson for the 56 Dean Street clinic in Soho, which could face fines of up to £500,000 for breaching data protection laws.
This comes just weeks after hackers published up to 35 million Ashley Madison user accounts on the dark web, prompting global discussions on data protection and the right to privacy. Much like the Ashley Madison hack, the clinic’s “administrative error” could have grave consequences for the patients, affecting their relationships and even their employment.
All of which begs the question; just what will it take for companies to start taking online security seriously and invest their resources accordingly? Whether we are trusting organisations with our magazine subscriptions, as is the case with WH Smith, or with much more sensitive personal information, as with the 56 Dean Street clinic, we should be able to do so with perfect peace of mind.