The UK’s Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for a data breach that exposed the personal information of nearly 550 people.
Following a detailed investigation, the ICO found that the charity had failed to implement an appropriate level of security measures, in violation of its obligations under UK GDPR.
On 14 June 2019, Mermaids was alerted by a user that internal emails of the charity containing personal data of users were publicly available on internet.
The organisation reported the breach to the ICO on the same day and also requested Google and Archive.li to delete the archived versions of …
