AN investigation has been launched after information about nearly 3,000 ambulance employees was published online.
The Information Commissioner’s Office is looking into how the data breach happened and South Central Ambulance Service (SCAS) has reviewed all the information on its website.
The breach – which was discovered on April 24 – affected 2,826 members of staff who were employed by the trust in October 2013 and related to the data which was attached to a report published online. It is not known how long the information was posted before being taken down.
It included details of employees names, locations of work, job roles and whether they were full or part time as well as their nationality, marital status, age, gender, ethnic origin, disability, religious belief and sexual orientation. However SCAS says staff choose not to disclose some information.
Jacqueline Pearce-Gervis, who worked in administration at the Radcliffe Infirmary and is now a board member of watchdog Healthwatch Oxfordshire, said: “My initial reaction is that it is very alarming.
“Having been a member of staff at the hospital I would be extremely worried at having my details published online.”
Unite spokeswoman for the South East and ambulance workers Debbie Watson said: “Our main concern is how that level of information ever got onto the website in the first place.”
Andrew Smith MP
Oxford East MP Andrew Smith said: “It is an appalling lapse in data security and I am sure SCAS will know how badly they have let down the staff affected.
“If there is an investigation then we have to see what that shows up but I would be surprised if the ICO didn’t impose some sanctions on the trust.”
More than 2,000 documents on the SCAS website have now been reviewed by the trust to make sure no other personal information has been published.
SCAS spokeswoman Michelle Archer said: “We took immediate action to remove the personal data that was attached to a report.
“All affected individuals, including current and past members of staff were informed of this breach in a personal letter from the chief executive officer.
“An investigation is underway into the circumstances around this incident, using an external information governance auditor.
“We have undertaken a thorough review of all our published information on the website and we can confirm that this was the only document affected.”
ICO spokesman James Stanley said it was aware of a potential data breach and said: “We are currently making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.”
SCAS refused to say how long the information was in the public domain.
• Our top stories: