Data breaches by Mermaids exposed in the Times

[truthisarevolutionaryact]

Mermaids has apparently put lots of confidential data online including private emails, personal data and emails demonstrating the pressure they have put on the Tavistock.
Andrew Gilligan article - share token:

www.thetimes.co.uk/article/parents-anger-as-child-sex-change-charity-puts-private-emails-online-tl0g5hwcg?shareToken=2f8ddc23419c61360023562a62e74d13

www.thetimes.co.uk/article/stonewall-is-using-its-power-to-stifle-trans-debate-say-top-academics-dtswlcl0n?shareToken=760203f4185fe9a1e8d143ac5b4d211e

This is on the page after the 2 Mermaids stories in my online edition...

It's the Trump tactic - lie, lie and lie again, because supporters can't be bothered sifting through the complicated truth, a big simple lie is easier to grasp.

Once a charity starts accepting large amounts of public money & running controversial training programs in schools they are fair game for investigative journalism. I’ve looked up charities using their name & reg number, I look on the Charity Commission website to see when they last submitted their accounts etc to see how they are being run.

Susie Green isn’t actually a trustee as well as CEO is she?

If so that rather destroys the point of trustees holding the running of the charity to account.

Yes the twitter feed is bonkers (I seem to be using that word a lot to describe Twitter feeds). “The Times is a rag like the Sunday Sport”. “More transphobia”. “Attacking a charity that helps children”.

These people are desperate.

Yes, she is. There are three others, one from Lloyds Bank who is also Treasurer.

It seems to suggest Green is CEO and chair if the trustees.

Good grief. If true than yes, huge governing fail if she’s chair as well!!!

Are they on glue?

Even if they were “hacked” (they weren’t), that doesn’t excuse the laxity of their security! They are still very much at fault. They are in possession of extremely sensitive medical data, which should be scrupulously controlled with the highest possible standards. Reporting themselves to the ICO is the bare fucking minimum they needed to do. It’s an appalling data breach.

And that’s before you even get into the activity revealed by the emails, much of which is extremely troubling, particularly with regard to the ECHR.

Going by her Linked In I don't think Susie is still Chair.

Interestingly, when I Google "Susie Green Mermaids" it shows the list of trustees in the listing description. The search results are (I presume) using a cached version as the names are different?

If interested the names shown are Susie Green, Caroline Roberts, Janet Adams, Neil Mackin, Helen H.

On mobile so I can't easily check cache.

All the comments on Twitter feed do is expose Mermaids even more clearly as the cult it is.

Strange. Dr Anthony James lists himself as a mermaids trustee. (And fellow NHS digital).

Perhaps they haven't updated the list of trustees?

I know what I’d be doing if I were the Lloyds bank guy....

Or maybe they just unofficially tell lots of people they can be a trustee so they feel special?

Is usual for charities to use recruitment agencies to find trustees? www.peridotportal.co.uk/mermaids/index.php

Oh gawd I need to go to... what was that place? Badderly Fuckery or some such?
A break away from the madness.

Anna Chivers was a trustee of Leicester LGBT Centre.

I think it’s not unusual for charities to use search agencies to find trustees, no. I imagine mermaids may find it a little more difficult than most. Whatever your views on transgender issues, there’s enough noise around them to deter the risk-averse at this point.

And it is not unusual for charities to use recruitment agencies, usually the larger / national ones more so than small local organisations, it can be good practice to widen the pool.

Here's a new share token to the Sunday Times. The article went up yesterday and the comments were excellent - and 100% critical. Unfortunately they never get carried over and any new comments are pre moderated - so currently not viewable.

www.thetimes.co.uk/article/parents-anger-as-child-sex-change-charity-puts-private-emails-online-3tntlwqln?shareToken=e60dd9c34ac017fab2e5d86a9c99be08

I'm disgusted that this is only being reported by the Times and Mail. If say GIDS had had a data breach involving this sort of information about its patients the Guardian would be all over it. It sickens me that they're so morally bankrupt that they'll suppress news to protect organisations like Mermaids.

ItsAllGoingToBeFine, those tweets from Mermaids feed don't look like they were made by anyone who uses the charity itself. Its easy for people who have not had their data plastered all over the Internet to say it was nothing. Indeed the fact that a bunch of random supporters think it unimportant doesn't exactly show they value those kids safeguarding on any level what so ever. They are collateral were the only thing that matters is the cults success.

Thanks for the new share token. I bought the The Times yesterday and thought Janice Turner's article was excellent. I will be buying The Sunday Times today.

Jolyon Maugham (prominent barrister) on Twitter saying that this isn't the first Mermaids breach.

"Far less serious but earlier this year they shared the names of donors with other donors on email without permission. They need to make big changes".

twitter.com/JolyonMaugham/status/1140132260471083009

So this is a list of companies and organisations who have been fawning over this lot? I’d be very interested to see that.

Either way, its hard to see that Mermaids have a long and fruitful future ahead of them at this point.

Red, I agree. There's a toxic mix of recklessness, arrogance, incompetence and evangelism. And the resulting hubris leads to a total disregard for proper procedures, policies, and safeguarding.

I suspect Susie Green and Mermaids will be sacrificed as the scapegoat.

The revolving door of the funding orgs and influencers will move on to other orgs (see, this thread: www.mumsnet.com/Talk/womens_rights/3609290-Has-anyone-seen-the-thread-on-Twitter-about-the-Guardian-BBC-and-Channel-4-link-with-Mermaids-etc ).

Hmmm, I am having a bit of a data protection geek out.

I’ve looked at the mermaids privacy policy, and they are relying on the grounds of legitimate interest in their processing of data, including sensitive data.

This is the language of the GDPR on legitimate interest:

”Processing shall be lawful only if and to the extent that at least one of the following applies:

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The ICO is pretty clear that they want legitimate interest very narrowly interpreted and it’s not a blanket permission for organisations to do whatever they fancy with your data because it’s good for their business. You also need to be very clear on exactly what the legitimate interest actually is, eg fraud prevention, fulfilment of contract etc. And they’re super clear that this must always be balanced against the rights of the data subject.

If any Mermaids parents are here, please try to look past the fact that you think we’re hateful bigots and get a data subject request in to mermaids. You MUST take the protection of your child’s data very seriously, and you really ought to make sure an organisation that you are placing such trust in has the protection of your child’s interests at the core of everything it does. Please hold them to the highest possible standards. They are playing fast and loose with every rule put in place to protect you and your child - demand better from them!