Working with regulators to protect your HIV data from breaches
Through our discrimination casework, my colleague Lindsey (our Senior Discrimination Caseworker) and I were seeing a concerning number of cases where people living with HIV were having their status shared without their consent, in a range of settings. Clearly, this problem was a cause of significant distress for the people concerned, so after some research, I identified the Information Commissioner’s Office (ICO) as the organisation which held the power to prevent this, provide organisations with guidance and reprimand and fine those who break the law in this way.
After approaching the ICO and detailing the harm that data breaches can do to people living with HIV, I’m pleased to say they were really receptive to working with us.
Using real-life examples from our casework, we were able to show the ICO cases where people’s HIV status had been shared without their consent, how this led to further HIV discrimination and then outline some practical ways that the ICO could help.
We contributed to a review of their complaints process, to make sure that the very real harm arising from personal data breaches is taken as seriously as it should be. We also helped with an evaluation of their customer journey, and Lindsey provided training to their customer services team, helping them to understand the effects of a breach of someone’s HIV status, drawn from her experience in handling a growing number of cases like this that she is supporting. As a result, the ICO made some changes to their data breach complaint assessment processes, incorporating our feedback and suggestions. Harm is now given the consideration it deserves when complaints are made about personal data breaches.
So it is really good to see demonstrated, in the statement that they have released today – “Organisations need to do more to help people affected by data breaches” – the importance that the ICO places on this matter. This will have a very real impact on the lives of people living with HIV and others whose data has been breached. Since our collaboration, we are aware of at least one complaint to the ICO about the breach of a person’s HIV status that has now been reviewed again, and the decision reversed in that person’s favour, so this project has already allowed someone affected by this kind of breach to get justice.
National AIDS Trust will continue to work in partnership with the ICO on issues related to HIV and data protection, to achieve the best outcomes possible for people who have been affected. This work has been a really good example of how we can engage effectively with official bodies to reduce discrimination against people living with HIV today, with tangible positive outcomes.
If you have experienced discrimination due to HIV, we provide a free Discrimination Advice and Support service, which you can contact here.