Children’s transgender charity Mermaids fined by ICO over sensitive data leak

Transgender children’s charity Mermaids has been fined for failing to keep the personal information of its vulnerable users safe.

Around 780 pages of confidential emails were left online for nearly three years before being discovered in 2019.

The personal data of 24 people was considered particularly sensitive because it revealed how they were coping and their emotional state, with 15 classified as special category data revealing information about mental health, physical health and sexual orientation.

Mermaids has again apologized for the “isolated data security oversight”.

“The safety of our service users is of the utmost importance and we fully accept that an honest but grave mistake was made a few years ago, and we are determined to ensure that Mermaids continues to diligently carry out its commitments to secure data management,” said Belinda Bell, trustee of Mermaids.

The ICO has fined Mermaids a total of £25,000, taking into account its full cooperation during the investigation and the significant improvements made since the incident became known.

The regulator opened an investigation after the charity contacted it about an internal email group it had set up and used between August 2016 and July 2017.

The data protection officer was informed of the violation as soon as Mermaids became aware of it in June 2019.

At the time, the ICO found that the charity was negligent in its handling of data protection with inadequate policies and poor training of employees.

“The nature of Mermaids’ work should have forced the charity to put in place strict safeguards to protect the often vulnerable people they work with,” said Steve Eckersley, investigator at the ICO.

“Failure to do so exposed the very people it was trying to help to potential harm and suffering and possible prejudice, harassment, or abuse.

“As an established charity, Mermaids should have known the importance of protecting personal information, and while we recognize the important work charities do, they cannot be exempted from the law.”
