UK GDPRHealthcare

NHS Highland

Data Breach

Authority

ICO

Country

United Kingdom

Date Issued

March 8, 2023

Industry

Healthcare

Summary

NHS Highland was formally reprimanded for inadvertently disclosing the personal email addresses of 37 individuals likely accessing HIV services by using CC instead of BCC in an email, exposing sensitive health information and compromising individual privacy.

Violation Types

Data BreachTransparencySecurity

Articles Violated

View original enforcement decision

View United Kingdom regulatory profile →Search related breaches →

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Unlock full enforcement action details

Enter your work email to access the complete analysis. No spam, ever.

We respect your privacy. Unsubscribe anytime.

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert