Sefton PCT leaks personal details of 1800 staff

Almost two thousand NHS staff on Merseyside have had their personal details, including National Insurance, pension and salary details, accidently leaked after Sefton Primary Care Trust (PCT) sent them out to four unnamed organisations.

According to the PCT the information was sent to the organisations in November when they were bidding for services as part of a tendering process. The PCT declined to specify the nature of the services the organisations were bidding to provide

The PCT says 1,800 NHS staff were affected by the foul-up and has apologised for the mistake. An investigation has been launched to find out what went wrong.

Sefton PCT chief executive Dr Leigh Griffin told the Liverpool Daily Post it appeared the details were accidentally attached to a spread sheet sent to four firms bidding to supply services, who “immediately destroyed” the data when the mistake came to light.

Dr Griffin added: “We have had assurances from all the organisations who were wrongly sent the information that it was promptly destroyed. It is important to note that the details did not include any bank information or addresses, minimising risk to our staff”.

The PCT CEO promised a swift investigation: “We are conducting a full internal investigation so this mistake cannot and will not happen again.”

Dr Griffin has sent a letter to all staff apologising for the "accidental release of their personal data". However the PCT said it would not reveal who the four organisations were due to "commercial confidentiality".

Trade union Unite has called for an urgent investigation into why Sefton Primary Care Trust sent staff details out to the four unnamed medical organisations who were bidding to supply services.

Kevin Coyne, Unite national officer for health, told the BBC: "It is disgraceful that an organisation trusted to protect the highly personal and sensitive medical details of thousands of patients can expose their staff in such a dangerous way and then deny them the information of where the information has been illegally sent.

"This is a clear breach of the data protection law and if it was an accident, an inquiry must be launched into how and why such sensitive information was passed on to so many external organisations."

Dr Griffin concluded: “As soon as I became aware of this I launched an investigation to make sure this does not happen again and wrote to all 1,800 staff to apologise for this accidental release of data, to notify them of the investigation and to give them assurances.”

Jon Hoeksma