Social media and the news sites are abuzz over the news that 780 people received their regular newsletter from 56 Dean Street – a London-based sexual health clinic – but the names of other recipients had been shown. It was a simple, and very human, error but a gross breach of data protection. It also highlights flaws in the systems that Dean Street use.
It is a dreadful blunder by the clinic and so far – to the best of my knowledge – the names have not leaked. Were they to do so, the story would move from one of clinic cock-up to one of division within the positive ‘community’. For now, the heat remains firmly on 56 Dean Street who now face a potentially significant fine from the Information Commissioner.
I’m not one of those affected by the breach. If I was, my reaction would probably be one primarily of worry, worry that my data was now ‘out there’ and could be posted to a blog at any moment. I would be frustrated that there’s no way of getting it back. Data doesn’t work like that. I also hope – but I can’t be sure – that I would be worried that a service I’ve been using would not be better off with a massive funding cut courtesy of a fine, and I think I would want reassurances that they have changed their systems in response.
This is dreadful episode, but let’s not get lost in a feeding frenzy of Internet traffic seekers and those seeking to ‘stir’ or benefit rom this breach. That doesn’t help the people who are the victims of this incident.