• Media Enquiries

    07505 448925(24hr)

Almost 3000 NHS staff’s Equality and Diversity Information Accidently Published

3797160719_337b4742e7_bSouth Central Ambulance Service has found itself on the wrong side of the Information Commissioner’s Office (ICO) after it accidentally published the Equality and Diversity information of members of staff on its website. What’s worse is that the Trust was alerted to the data breach by the ICO, rather than by someone in the Trust itself.

We have previously warned about the serious data breaches that can occur in the NHS, with our report highlighting more than 806 separate incidents where medical records were compromised. This incident shows that patients aren’t the only ones at risk of a having their data compromised by the NHS.

The ICO found that the Trust had published 2825 current and former members of staff’s personal details on its website, with information including  the individual’s name, job and work location, nationality, marital status, age, gender, ethnic origin, disability, religious belief and sexual orientation.

The individual’s affected will rightly want to know why someone thought it was appropriate to publish such sensitive and confidential information and why nobody in the Trust itself noticed that it had happened. It would not be unfair to suggest that this incident indicates that the data protection training and monitoring in the Trust may well be lax, and that urgent steps need to be taken to prevent a similar incident from recurring.

In response to the breach, the Trust has responded by stating: “We have undertaken a thorough review of all our published information on the website (over 2000 documents) and we can confirm that this was the only document affected. We take our information governance responsibilities very seriously and we have been cooperating fully with the Information Commissioners Office throughout this investigation.”

From our own research and incidents like this one it is abundantly clear that far too many data breaches occur within the NHS and the public services as a whole. Whilst some of the incidents that occur are the produce of human error, there are others that are the result of malicious acts. Big Brother Watch remains clear that the punishments available for those found guilty of breaking the Data Protection Act are currently a poor deterrent and that far more could be done to ensure that those who purposefully seek to abuse access to our data face harsher penalties.

At present those who maliciously obtain of disclose our data currently face a maximum fine of £5,000 if the case is heard in a Magistrates Court and an unlimited fine in a Crown Court.  We, alongside the ICO, the Home Affairs Select Committee, Lord Leveson and the Justice Select Committee, continue to call for custodial sentences to be an available punishment for those found guilty of breaking section 55 of the Data Protection Act.

-Post Updated-

Posted on by Emma Carr Posted in Data Protection

3 Responses to Almost 3000 NHS staff’s Equality and Diversity Information Accidently Published

  1. Anon

    The NHS must be one of the worse offenders regarding data breaches and they do not learn from their mistakes.

    You don’t need training in data protection to know that it is not right and proper to publish data published in this latest blunder? Why would people without adequate training in this area be given access to and the authority to publish staff personal and sensitive data?

    It is time that the NHS be properly held to account for all their data disasters.

  2. Dave

    If all those on the published list claim legal compensation from the NHS for the unlawful disclosure of their details then perhaps the financial pain will sting them into being more careful. Certainly those responsible for this incompetence at all levels should be removed from their positions as a matter of urgency. If these public bodies cannot be trusted to look after their own information then what hope is there of them looking after anyone elses?

  3. billyous

    Even the NHS websites, m,any based on WordPress are extremely out of date, and as such, a potential security issue for visitors even to browse, and GP’s surgeries are no better!

Add a Comment