Liverpool hospital trust data breach investigated

  • Published
Royal Liverpool University Hospital
Image caption,

The trust runs Royal Liverpool University Hospital, Aintree, Broadgreen and Liverpool University Dental Hospital

Liverpool's main hospital trust is being investigated after the personal information of thousands of staff was emailed to hundreds of people.

A file with names, addresses, National Insurance numbers and salaries of staff at the Royal and Aintree hospitals was emailed to managers at the trust.

The Information Commissioner's Office (ICO) said it offered data security guidance after the December incident.

But following additional information, it is now "making further inquiries".

James Sumner, Liverpool University Hospital Foundation Trust's chief executive, said the breach arose as a consequence of the "unintentional sharing" of personal staff information during a file sharing exercise that was conducted to support management of payroll details as part of arrangements around strike action.

Trust staff were informed by email on 8 February of the data breach with Mr Sumner issuing letters to those impacted, the Local Democracy Reporting Service said.

In a report he said the trust undertook a full email recovery and deletion process and reported itself to the ICO.

In an update from Rob Forster, chief finance officer and deputy chief executive, it was said an internal review of the data breach was "drawing towards finalisation" and would be subject to independent external assessment before its findings were released.

An ICO spokesman said: "All organisations using personal data should do so safely and securely.

"If anyone has concerns about how their data has been handled, they can report these concerns to us."

Why not follow BBC North West on Facebook, external, Twitter, external and Instagram, external? You can also send story ideas to northwest.newsonline@bbc.co.uk, external

Related internet links

The BBC is not responsible for the content of external sites.