BBC News - Government in email privacy blunder

An interesting articles regarding data security from the BBC News

A government department responsible for data protection laws has shared the contact details of hundreds of journalists.

The Department for Digital, Culture, Media and Sport emailed more than 300 recipients in a way that allowed their addresses to be seen by other people.

The email - seen by the BBC - contained a press release about age-checks for adult websites.

Digital Minister Margot James said the incident was "embarrassing".A

She added: "It was an error and we're evaluating at the moment whether that was a breach of data protection law."

In the email sent on Wednesday, the department said new rules would offer "robust data protection conditions", adding: "Government has listened carefully to privacy concerns."

A DCMS Spokesperson said: "In sending a news release to journalists an administrative, human error meant email addresses could be seen by others. DCMS takes data privacy extremely seriously and we apologise to those affected."

It is the second time this month a government department has made a mistake of this kind.

The Home Office previously admitted breaching data protection rules when it launched the Windrush compensation scheme.

It shared the contact details of Windrush migrants in an email about the scheme.

An internal review was launched and Immigration Minister Caroline Nokes apologised "unreservedly" for what she said was an "administrative error".

The data breach affected five batches of emails, each with 100 recipients, Ms Nokes added.

On the same theme. 

Trans charity Mermaids UK 'deeply sorry' for data breach

A charity supporting transgender children and young people has issued an apology after thousands of emails were made public online.

Mermaids UK said it was "deeply sorry" for what it called a "historical data breach" after it was first reported by the Sunday Times.

The paper claims the correspondence included "intimate details", names and addresses, but the charity denies this.

Mermaids said it had taken immediate action and reported the breach.In an official statement on the Mermaids UK website, the charity claimed that the emails were from 2016 and 2017, and that they were searchable only "if certain precise search-terms were used".

It maintained there was "no evidence" the information had been retrieved by anyone other than the Sunday Times, or those contacted by their journalist.

A Mermaids spokesperson told the BBC the emails were shared to a private group on a private messaging platform.

They insisted that the 1,100 emails were between executives and trustees of the charity, discussing matters relating to their work.

"To be clear this is absolutely not Mermaids service users emailing each other, and their emails and private correspondence being available to an outside audience," the spokesperson said.

The Times, however, reported that the emails contained "intimate details of the vulnerable youngsters it seeks to help".

It said the emails could be found simply by typing in the charity name and its charity number. 

Mermaids UK stated it had notified the Information Commissioner's Office, the data protection watchdog, and contacted those affected.The Charity Commission had also been notified, it said, and an independent investigation into the breach would be launched.

"We're going to be employing a third party to oversee processes and advise on how we can improve internal practice," the spokesperson told the BBC.

"I think it's important to note that this dates back some two years when Mermaids was a smaller charity dealing with the first aggressive onslaught from those who are opposed to giving vulnerable transgender children and young people the safe spaces they need."

Mermaids UK was formed in 1995, and is the country's leading charity in services offering support around gender and identity to children and young people up to 20 years old.

It recently received £500,000 from the National Lottery Community Fund.

BBC News - Government in email privacy blunder