South Central Ambulance Service staff data breach

The personal data of thousands of ambulance service staff has been accidentally published online, it has been revealed.

The data breach by South Central Ambulance Service (SCAS) included publishing the age, sexuality and religion of almost 3,000 staff members.

The information has been revealed by a BBC Radio Berkshire Freedom of Information request to the service.

The Information Commissioner's Office (ICO) is investigating.

'Serious' breach

The breach affected all 2,826 staff who were employed by the organisation, which covers Berkshire, Buckinghamshire, Hampshire and Oxfordshire, in October 2013, and related to the data which was attached to a report on its website, SCAS said.

In a statement it said it was made aware by the Information Commissioner's Office (ICO) of the "serious" data breach on 24 April 2014 and took immediate action to remove the personal data.

"All affected individuals, including current and past members of staff, were informed of this breach in a personal letter from the chief executive officer," it said.

It added: "We have undertaken a thorough review of all our published information on the website - over 2000 documents - and we can confirm that this was the only document affected."

Debbie Watson, from the Unite union, which represents some of the affected staff members, said the breach was "astonishing" and it "shouldn't have happened".

"If this can happen to staff data, which should be confidential, what about their patient data as well?," she asked.

SCAS said it took its "information governance responsibilities very seriously" and had been cooperating fully with the ICO.

It said it had drafted an action plan to mitigate the risk of such an event happening again, and added that it had not been patient or clinically related.

Related Internet links

The BBC is not responsible for the content of external Internet sites