Inappropriate disclosure of personal data.
A spreadsheet containing 400 people’s personal details was accidentally email to 60 employees.
Undertaking issued to ensure that all staff are made aware of policies regarding the transmission of personal data via email, included the need to password protect or encrypt the data according to the sensitivity of the data and the risk to the data subjects.
Reason for action
The employee had initially believed that the spreadsheet contained only the employee numbers of those 60 staff. However the data was transmitted unsecured over the internet and it could not be confirmed that all recipients had deleted the email as requested
20 January 2012.