Recipients of an emailed newsletter were supposed to be blind-copied, but whoever sent it mistakenly copied email addresses into the “To:” field rather than “BCC:”, with the result that every recipient could see everyone else’s names and email addresses. The Guardian reports that the employee responsible was “distraught” at their error.
Dr Alan McOwan, Chelsea and Westminster hospital NHS trust’s director for sexual health, emailed an apology:
I’m writing to apologise to you. This morning at around 11.30am we sent you the latest edition of OptionE newsletter.
This is normally sent to individuals on an individual basis but unfortunately we sent out today’s email to a group of email addresses. We apologise for this error.
We recalled/deleted the email as soon as we realised what had happened. If it is still in your inbox please delete it immediately.
Clearly this is completely unacceptable. We are urgently investigating how this has happened and I promise you that we will take steps to ensure it never happens again. We will send you the outcome of the investigation.
Information Commissioner’s Office investigation
The Information Commissioner’s Office (ICO), which can issue fines of up to £500,000 for breaches of the Data Protection Act 1998 (DPA), has announced that it’s investigating the incident.
We are aware of the incident regarding the 56 Dean Street clinic and are making enquiries
— ICO (@ICOnews) September 2, 2015
The clinic has set up a helpline for patients affected by the breach: (020) 3315 9555 or (020) 3315 9594.