Children’s transgender charity Mermaids fined by ICO over sensitive data leak

Children’s transgender support charity Mermaids has been fined for failing to keep the personal data of its vulnerable users secure.

Around 780 pages of confidential emails were exposed online for nearly three years, leaving personal information such as names and email addresses of 550 people searchable online, an investigation by the Information Commissioner’s Office (ICO) found.

The personal data of 24 individuals considered particularly sensitive revealed how they were coping and feeling, with 15 classified as special category data disclosing information about mental health, physical health and sexual orientation.

Four related to children aged 13 and under at the time it was discovered in June 2019.

Mermaids has apologised again for the “isolated lapse in data security”.

“The safety and security of our service users is paramount and we fully accept that an honest but significant mistake was made a number of years ago, and we are determined to ensure that Mermaids continues to fulfil its obligations regarding safe data management with the utmost diligence,” said Belinda Bell, Mermaids’ chair of trustees.

The ICO has fined Mermaids £25,000 in total, taking into consideration its full cooperation during the investigation and the significant improvements that have been made since the incident came to light.

The regulator launched an investigation after the charity reported itself over an internal email group set up by its chief executive Susie Green, who had used a third-party platform with insufficient security settings switched on, resulting in exchanges being made public.

The data protection watchdog was notified about the breach as soon as Mermaids became aware of it in June 2019, years after the charity had stopped using the email group between August 2016 and July 2017.

At the time, the ICO found the charity had a negligent approach towards data protection with inadequate policies and a lack of training for staff.

“The very nature of Mermaids’ work should have compelled the charity to impose stringent safeguards to protect the often vulnerable people it works with,” said Steve Eckersley, director of investigations at the ICO.

“Its failure to do so subjected the very people it was trying to help to potential damage and distress and possible prejudice, harassment or abuse.

“As an established charity, Mermaids should have known the importance of keeping personal data secure and, whilst we acknowledge the important work that charities undertake, they cannot be exempt from the law.”