Latest news with #InformationCommissioner


BBC News
16-07-2025
- Business
- BBC News
Dumfries and Galloway Council apologises over email data breach
A council has apologised after a data breach saw a number of email addresses disclosed in and Galloway Council is understood to have sent the addresses out with a customer survey from its planning department. A statement for the authority said: "We would like to reassure all concerned that this was a low-risk event and that no sensitive personal information was shared. The local authority has taken immediate steps to address the issue and to further strengthen our data handling procedures." The council said that it followed the Information Commissioner's recommended assessments of risk to determine the "most appropriate course of action". "We are confident that there is no ongoing risk to individuals, and we remain committed to upholding the highest standards of data protection and privacy," it added. "We apologise for any concern to those affected by this."


BBC News
10-07-2025
- Health
- BBC News
NHS Fife reveals £220,000 legal bill for Sandie Peggie trans row tribunal
NHS Fife has spent nearly £220,500 defending itself in an employment tribunal case brought by Sandie Peggie, a nurse who complained about sharing a changing room with a transgender doctor. Ms Peggie was suspended following an incident at Victoria Hospital in Kirkcaldy, and claims her treatment by the health board was unlawful under the Equality Act. The tribunal, which began in February, is due to resume next Wednesday and is expected to last another 11 days. NHS Fife is only liable for the first £25,000 of the litigation costs, with a scheme to protect health boards paying out the remaining money. Under the Clinical Negligence and Other Risks Indemnity Scheme, the Scottish government's health and social care directorate is initially responsible for costs above the £25,000 money is then recouped from member bodies in their annual contributions to the scheme which aims to ensure frontline clinical services are not affected. Details of the spend were revealed after an order from the Information Commissioner following FOI requests from the Herald newspaper and other newspaper said the health board "repeatedly refused" to release the information due to concerns around assisting Ms Peggie's legal team, informing other legal firms on NHS billing expectations, and possible endangerment of the health board said it did not have access to the information about the costs when the FOI requests were initially Fife confirmed that, as of 31 May, a total of £220,465.93 has been spent so far on legal costs relating to the said the figure included counsel fees and services provided by NHS Scotland's central legal health board said it was not possible to estimate the full cost of proceedings while the tribunal was still ongoing. A spokesperson said: "NHS Fife notes the report from the Scottish Information Commissioner published on 9 July and will comply fully with the decision notice. NHS Fife sought a Rule 50 order to protect the confidentiality of sensitive personal information of staff involved in the tribunal process. As a public sector organisation NHS Fife has a duty of care to all its staff with consideration given to protecting their privacy, safety, security and wellbeing. The decision to apply for the order was made following legal advice and in line with the reasons outlined above." The Information Commissioner's Office has been asked for comment.

Harassment claims

Sandie Peggie took NHS Fife and Dr Beth Upton to tribunal after she was suspended over an incident in the female changing room in Victoria Hospital in December Peggie objected to having to share the changing room with Dr Upton - a trans woman - and claims her treatment amounted to unlawful harassment under the Equality Upton made an allegation of bullying and harassment against the incidents alleged by the medic happened before the UK Supreme Court unanimously ruled that a woman is defined by biological sex under equalities the time, NHS guidance said that trans men and women were allowed to use the changing rooms that aligned with their gender Equality and Human Rights Commissioner has since written to NHS Fife and the Scottish government to remind them about workplace legislation around single-sex tribunal was initially scheduled to conclude in February after 10 days but has been adjourned until Wednesday 16 July.


CTV News
17-06-2025
- CTV News
'Profoundly damaging': U.K. and Canadian officials on the 23andMe global data breach
Watch Privacy Commissioner of Canada and U.K. Information Commissioner provide update on the joint investigation into the data breach that impacted 7-million people.


Bloomberg
17-06-2025
- Business
- Bloomberg
23andMe Fined £2.31 Million by UK Over Genetic Data Leak
23andMe was fined £2.31 million ($3.1 million) by UK regulators after a 2023 cyber attack exposed users' genetic data in yet another privacy crisis surrounding the troubled DNA data bank. The UK Information Commissioner's Office announced the penalty Tuesday after a joint investigation with its Canadian counterpart. The former Silicon Valley startup violated UK data-protection laws, it said, by failing to put in place: appropriate authentication measures for customer login, relevant security steps for accessing raw genetic data and measures to detect and respond to cyber threats.


BBC News
17-06-2025
- Business
- BBC News
UK watchdog fines 23andMe for 'profoundly damaging' data breach
DNA testing firm 23andMe has been fined £2.31m by a UK watchdog over a data breach in 2023 which affected thousands of Information Commissioner's Office (ICO) said the company - which has since filed for bankruptcy - failed to put adequate measures in place to secure sensitive user data prior to the incident. "This was a profoundly damaging breach that exposed sensitive personal information, family histories, and even health conditions," said Information Commissioner John Edwards. 23andMe is set to be sold to a new owner, TTAM Research Institute, which said it had "made several binding commitments to enhance protections for customer data and privacy." 23andMe's users were targeted by what is known as a "credential stuffing" attack in October 2023. This saw hackers use passwords exposed in previous breaches to access 23andMe accounts for which people had used the same or similar were able to access 14,000 individual accounts - and, through those, download information relating to about 6.9m people linked to as possible relations on the to the ICO, this included access to personal data belonging to 155,592 UK residents, such as names, year of birth, geographical information, profile images, race, ethnicity, health reports and family data did not include DNA records. "As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number," said Mr Edwards.
Due to its more sensitive nature, genetic data is considered special category data under UK data protection law and requires further protections and controlling it should consider having additional security measures in place to help secure it, according to the ICO's investigation - launched along with Canada's privacy commissioner last June - found that 23andMe breached UK data protection law by not having appropriate authentication and verification measures for customers during its login included not having mandatory multi-factor authentication to allow users logging in to verify themselves through additional means or company also did not have secure password requirements or more verification requirements for users trying to download raw genetic data, it Edwards said such failures and delays in resolving them "left people's most sensitive data vulnerable to exploitation and harm". "Their security systems were inadequate, the warning signs were there, and the company was slow to respond," he company says it resolved the issues identified during the ICO and the Office of the Privacy Commissioner of Canada (OPC)'s probe by the end of watchdogs recently called on 23andMe to protect the sensitive personal data of its customers amid its bankruptcy company was initially set to be sold to biotechnology company Regeneron Pharmaceuticals in a $256m 23andMe said on Friday it had agreed to the sale of its assets to TTAM Research Institute - a non-profit biotech organisation led by its co-founder and former chief executive Anne said the purchase of the company for a new price of $305m would come with binding commitments to uphold existing policies and consumer protections, such as letting customers delete their accounts, genetic data and opt out of research. A bankruptcy court is scheduled to hear the case for its approval on Wednesday.