12 April 2021
"Free, rapid lateral flow tests for coronavirus are now available in England, but the government notifications confirming the results appear to contravene several articles of the GDPR."
"All results from the new tests, even if negative, should be reported; ..........."
"........confirmatory emails from the Gov.UK Notify service contain personally identifiable information (PII), ..........." and "are likely to have issues with GDPR compliance."
"As well as general coronavirus advice like the importance of social distancing, each Notify email contains the user's name, date of birth and NHS number."
"Email is, at its heart, an insecure medium, too easy to hack or intercept - or even read over someone's shoulder. The personal details are included to prove that an email is from official government channels, which was common in the analogue (i.e. paper-based) past; but in a world of digital identity theft, such practices must be reviewed. And as Kuan points out, the email itself is pointless:
"I'm OK with the UK DHSC requesting my DoB and NHS number (as long as they store it securely and share it securely and only on a need to know basis). But, I already know my own DoB and NHS no., wouldja believe it, and, with this type of home test kit, I do actually already know my result! There's absolutely no need to email any of that info to me."
"The Notify emails breach at least four articles of the GDPR:
Article 5 (1)(f), stating that PII 'must be processed in a manner that ensures appropriate security of the personal data'
The related Article 32, regarding security of processing
Article 5 (1)(c), stating that PII shall be 'adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation')'
Article 25, covering data protection by design and by default
Article 35 on data protection impact assessments (DPIAs)"
"While the layperson may not be put off, data-conscious individuals might think twice about reporting their test results (which is not, currently, a legal requirement), to lower the risk of data and identity theft - with knock-on effects on NHS data collection and virus tracking."
We have contacted the DHSC's data protection officer and will update this story when we hear back.
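The data-minimisation and email-insecurity points quoted above have a practical counterpart for anyone who runs a notification service: check outbound message templates for the identifiers they should not carry before they are sent. The Python below is an added example written for this page; it is not code from the article quoted here, from Gov.UK Notify or from the DHSC. It assumes the standard modulus-11 check digit of NHS numbers, constructs its own sample message (all names and numbers in it are made up), and the regular expressions and the 30-character label window are assumptions chosen for the illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample of the kind of result notification the article describes.
# Name, date of birth and NHS number are all made up for this example.
SAMPLE_EMAIL = (
    "Dear Jane Example,\n"
    "Your rapid lateral flow test result is NEGATIVE.\n"
    "Name: Jane Example\n"
    "Date of birth: 01/02/1980\n"
    "NHS number: 943 476 5919\n"
    "Reported on 12/04/2021.\n"
)

# Candidate patterns (assumed here); 3-3-4 is how NHS numbers are usually printed.
NHS_NUMBER_RE = re.compile(r"\b(\d{3})[ -]?(\d{3})[ -]?(\d{4})\b")
DATE_RE = re.compile(r"\b\d{1,2}[/-]\d{1,2}[/-]\d{4}\b")
DOB_CONTEXT_WINDOW = 30  # assumption: how far back to look for a DoB label


def nhs_check_digit_ok(digits: str) -> bool:
    """Modulus-11 check used by NHS numbers: weights 10 down to 2 over the
    first nine digits; the tenth digit is the check digit."""
    if len(digits) != 10 or not digits.isdigit():
        return False
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    if check == 10:
        return False  # no number with this nine-digit prefix is valid
    return check == int(digits[9])


@dataclass
class Finding:
    kind: str
    value: str
    start: int
    end: int


def scan_outbound(body: str) -> list[Finding]:
    """Return the identifiers a result notification should not carry,
    in the order they appear in the message."""
    findings = []
    for m in NHS_NUMBER_RE.finditer(body):
        # Only a digit string that passes the check digit is treated as an
        # NHS number; this keeps phone-number-like digit runs out of the results.
        if nhs_check_digit_ok("".join(m.groups())):
            findings.append(Finding("nhs_number", m.group(0), m.start(), m.end()))
    for m in DATE_RE.finditer(body):
        # A bare date is ambiguous (test date, report date), so flag it as a
        # date of birth only when a DoB label precedes it within the window.
        context = body[max(0, m.start() - DOB_CONTEXT_WINDOW):m.start()].lower()
        if "birth" in context or "dob" in context:
            findings.append(Finding("date_of_birth", m.group(0), m.start(), m.end()))
    return sorted(findings, key=lambda f: f.start)


def redact(body: str) -> str:
    """Drop flagged identifiers from the message rather than masking them:
    the recipient already knows them and does not need them to read the result."""
    out = body
    for f in sorted(scan_outbound(body), key=lambda f: f.start, reverse=True):
        out = out[:f.start] + "[removed]" + out[f.end:]
    return out


if __name__ == "__main__":
    for f in scan_outbound(SAMPLE_EMAIL):
        print(f"{f.kind}: {f.value!r}")
    print(redact(SAMPLE_EMAIL))
```

Run as a pre-send gate, the scan turns the Article 5(1)(c) requirement into a test a template has to pass, and the check-digit validation keeps the gate from rejecting ordinary digit strings such as phone numbers; the report date in the sample is left in place because only labelled dates are treated as dates of birth.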
Note from Custodian: this article has been edited to exclude references to Fieldfisher with whom there is an ongoing dispute from December 2017. This concerns their illegal trafficking of personal information sent to them by the ex general counsel and company secretary of FRC that Fieldfisher could not properly accept. FF was taking that personal data in order to block a referral to the FRC of BDO. These are the creators of the FRP platform (Nick Carter-Pegg), that BDO was using in a predatory way against its Chilterns and PKF customers, as well as those it told it could report as auditor but could not as it is a predator, not assurance reporter.
Fieldfisher was rewarded by an "auditor's report" on 27 December 2017, signed by Nick Carter-Pegg BDO (FRP, Stallard, FRP's AIM float lawyers). Formal objection to them has been made: the person they were addressing at the time and blocking was lying in hospital in a coma. Her work assisting Melanie McLauren, Director FRC, in October 2017 is recorded and available on this website.
To be added:
Notes of MACLUG meeting 2018 when MM raised the question of needing a path for GDPR only claims for the court to cope on a production line basis.
Evidence of insecurity of email: AJL 27 January 2005, about which AMF has done nothing to date despite saying he cares about his reputation in the IT industry and at that date being Chair of the Audit Committee of TRD, and interested in protecting the privacy and privilege of its Exec Dep Chair, Group CEO and FD (MM), whose e-mailed instructions, which were accepted by A&O, were intercepted and passed into the market.
Barely a week later, MM's email @triadgroup.plc.uk was abruptly cut off. The Sponsor withdrew their BUY recommendation and stopped putting their client base into the stock.