UK GDPRHospitality

The Central Young Men's Christian Association

€8,700

Authority

ICO

Country

United Kingdom

Date Issued

March 5, 2024

Industry

Hospitality

Summary

The Central YMCA disclosed the email addresses of 166 individuals participating an HIV support programme by using CC instead of BCC in a group email, potentially revealing participants' health status and sensitive personal information. The organization was fined £7,500 and reprimanded for this security and data protection failure.

Violation Types

Data BreachTransparencySecurity

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert