We take full responsibility for this data breach and thank our supporters for their solidarity and understanding at a difficult time. We are grateful to the ICO for taking into account our prompt remedial action and for balancing the size of its fine against our need to continue supporting service users, whilst protecting charitable donations made by our many generous supporters. The safety and security of our service users is paramount and we fully accept that an honest but significant mistake was made a number of years ago, and we are determined to ensure that Mermaids continues to fulfil its obligations regarding safe data management with the utmost diligence.
This historical data breach was brought to our attention in June 2019, at which point we immediately reported the incident to the ICO and cooperated fully to ensure issues regarding our systems and processes were addressed as a matter of the highest importance. The Charity Commission, in communication with the ICO, has stated it has no further regulatory concerns. The charity engaged an external data consultant to address issues raised, and their report confirms that no wider issues were identified. The charity also instructed an information technology security auditor to carry out a review of the incident. In addition, a full safeguarding audit has been completed this year. All complaints from the data subjects affected have now been resolved and we would like to repeat our apology for this isolated lapse in data security.
Belinda Bell (she/her), Chair of Trustees