Included in this edition of Data & Privacy News: NHS withdraws from Home Office data sharing arrangement; Vision Direct reveals website has been hit by data breach; Florida healthcare provider hit by data breach affecting 42,000 patients and more...


NHS withdraws from Home Office data sharing arrangement

The NHS has withdrawn from a controversial data-sharing arrangement with the Home Office, which reportedly left seriously ill migrants too afraid to seek medical help.

The arrangement allowed patients' confidential details to be passed on to immigration enforcers, with campaigners stating that many migrants had missed out on "the right to privacy and access to healthcare" as a result of the data-sharing.

A new deal has now been discussed by the Home Office and NHS Digital, which would only allow data requests on those facing deportation action due to serious crimes, or where it is necessary to protect someone's welfare.

Concerns over UK disconnection from EU databases following Brexit transition period

Following the Brexit transition period, which ends on 31 December 2020, the UK will be locked out of European Union databases unless a data adequacy decision is adopted by the Commission. 

The EU's various databases and networks provide essential information vital to areas such as policing and border checks.

Last week, a political declaration about the future relationship was published alongside the draft Brexit agreement, which discussed hopes to strike a reciprocal arrangement for data exchanges. 

Vision Direct reveals website has been hit by data breach

Vision Direct, an online contact lens supplier, has revealed a data breach which compromised customer's personal information including billing addresses, email addresses, full payment information and telephone numbers. 

The company has not yet revealed how many customers were affected by the breach, though they have confirmed it relates to users logged into the site between 3-8 November 2018 who updated or entered new information.

Affected payment methods include Visa, MasterCard and Maestro but not PayPal.

Vision Direct has emailed customers to notify them of the data breach.

Voxox exposes tens of millions of text messages in security lapse

Voxox, a San-Diego based communications company, has exposed tens of millions of text messages through a security lapse on its server. 

The messages contained information such as password reset links, two-factor authentication codes and shipping notifications. 

The company had failed to password protect its server, allowing access to anyone who knew where to find it.

Voxox is used by companies such as Amazon to convert shipping codes or two-factor authentication codes into text messages for customers. The company is also used by apps such as Viber and HQ Trivia for similar. 

Florida healthcare provider hit by data breach affecting 42,000 patients

Health First, a Florida-based healthcare provider, has been hit by a data breach exposing personal information of 42,000 patients.

The breach, which occurred between February and May 2018, was "fairly low level" affecting mainly patient addresses and birth dates. 

An executive at Health First noted employees were victims of phishing scam which then allowed criminals to gain access to some customers' personal information. 

Key contacts

Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile
Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen

View profile