Wednesday, May 09, 2007

Roche Diagnostics releases Medical Data via the web

Hot on the heels of the Astroglide Sex Lubricant disaster where details of Astroglide free Sample requestors "slipped out", Roche Diagnostics, makers of the Accu-Chek range of diabetic meters, have today released random details via their email list to each of us who has registered for their newsletter.

I registered some time ago. I was about to pen a piece on the very poor marketing of sending me a newsletter only now after I registered for it back in September 2006. I clicked the button "Update your profile" and was given the record of what appears to be a Roche employee instead of my own. I clicked again and was given the full record of a very nice gentleman in Crewe. He was aghast when I called him and told him I could see his data. I clicked again and "met" a chap in Manchester whose phone was on voicemail. Another in Lincolnshire was amazed. People are clicking and phoning the next couple on the list. A screen shot, suitably redacted, is to the right.

Note that SSL technology is not used. This is Sensitive Data under the terms of the UK Data Protection Act 1998, and it is not protected properly.

I've looked at the Roche website and it has an excellent privacy policy, and no useful contact details.

Next step?

The UK Information Commissioner for a formal complaint

Follow the update trail

See Also Compliance and Privacy News
