Data breaches by Mermaids exposed in the Times

[truthisarevolutionaryact]

Mermaids has apparently put lots of confidential data online including private emails, personal data and emails demonstrating the pressure they have put on the Tavistock.
Andrew Gilligan article - share token:

www.thetimes.co.uk/article/parents-anger-as-child-sex-change-charity-puts-private-emails-online-tl0g5hwcg?shareToken=2f8ddc23419c61360023562a62e74d13

Should I have said “grammatical” in my previous post? Do I need to put myself on the naughty step for a long, hard think?

Does anyone know what’s going on? Is there an investigation? What happens now?

Is the GIDS statement the first mention that 450 email chains were shared? That seems such a lot.

Is the GIDS statement the first mention that 450 email chains were shared? That seems such a lot.

I wondered this too. Has anyone heard that figure before?

The original Times article said 1000+ pages but not the number of emails.

Is the GIDS statement the first mention that 450 email chains were shared? That seems such a lot.

Yes, that's odd. I don't recall it being referred to in that way anywhere else.

This bit of the GIDS statement about the Mermaids data breach is slightly puzzling:
If you have been affected and are distressed by this, or have concerns that you would like to raise with our service, please do get in touch. To be clear, this breach has nothing to do with the Gender Identity Development Service. We have never shared patient information with Mermaids.

So although the breach has nothing to do with GIDS and they have never shared information with Mermaids they will offer ad hoc counselling or advice of some sort to people who have been affected by the breach? Or is that only for existing GIDS clients?

I think anyone planning to take legal action would be better off not speaking to anyone but a solicitor who understands data protection law.

TheInebriati
Well, yes, I completely agree - but I didn't get the impression that they mean legal advice, more some kind of handholding. Else why would they raise the subject at all? I wonder what sort of answer they give to Jo Bloggs who's never contacted them before and whose daughter's details have been shared with people never intended to see it? Would they urge Jo to seek legal advice? And what advice they'd give to an existing client?

Don't the NHS have quite strict rules about what they share over email? That's what I was told by my GP.

boatyardblues Wed 19-Jun-19 20:39:01
Should I have said “grammatical” in my previous post? Do I need to put myself on the naughty step for a long, hard think?

FFS, how ridiculous to poke fun because someone has mentioned spelling errors in an important document. It's an indication of being slapdash.

I think anyone planning to take legal action would be better off not speaking to anyone but a solicitor who understands data protection law.

This ^^

The charity also has a Duty of Care to the children & famillies.

Sharing personal information & communication even within the trustee group is completely contrary to good practice with regards confidentiality & respect for service users.

I take your point Juells. The levity was misjudged. I agree that typos in the charitable objects are just another symptom of poor oversight.

Now I feel like a cranky shit

These are key principles which I would expact any service (whether voluntary or statuatory) supporting children and/or vulnerable adults to work from:

"The 6 Principles of Confidentiality

Justify the purpose(s)

Don’t use patient identifiable information unless it is absolutely necessary

Use the minimum necessary patient-identifiable information

Access to patient identifiable information should be on a strict need-to-know basis

Everyone with access to patient identifiable information should be aware of their responsibilities

Understand and comply with the law"

Let’s hug it out and never mention it again.

In principles above, 'patient' would be replaced by the appropriate term indicating the relationship of people with the service, charity or organisation providing support or assistance.

It is quite clear that information regarding a particular child (patient) was shared between Mermaids and Gids and the parent, including details of why the child needed bumping up the waiting list. I find this extraordinary. God's is definitely also at fault in all this.

I suspect the Times will probably have a wealth of similar incidents and evidence from the 1000 pages/450 email chains.

"Gids" obv though they may identify as God.

I agree fanny if that’s what’s been happening then that’s all kinds of wrong. A lobby group exerting pressure on nhs service regarding specific patients?? There needs to be serious look at what’s going on here

It is quite clear that information regarding a particular child (patient) was shared between Mermaids and Gids and the parent, including details of why the child needed bumping up the waiting list. I find this extraordinary. Gid's is definitely also at fault in all this.

There have been serious whistle blown Safeguarding issues with the service at GIDS from senior staff. GIDS response to the concerns raised has also been criticised & demonstrated major issues with the service.

There are very few grounds for reporting a charity to the Charity Commissioner, but one of them is not obeying the law. Surely the CC should be investigating Mermaids. They just seem so badly run, and cavalier with the truth, people's privacy, safeguarding, and the law.

The grounds for complaining about a charity are here btw: forms.charitycommission.gov.uk/raising-concerns/

There's also the Childrens Commisioner.

"Gids" obv though they may identify as God.

How do you pronounce GIDS anyway? Is it pronounced like ‘guides’ or is it the short ‘i’ like in ‘gits’?