Sefton PCT refuses to reveal data breach trail

Sefton Primary Care Trust (PCT) on Merseyside is refusing to name the outsourcing organisations it wrongly sent personal details about 1,800 staff to.

The details included National Insurance numbers, salary details and pension arrangements.

The information is reported to have been sent to the four outsourcers in November as part of a tendering progress for work at the PCT.

Sefton PCT chief executive Leigh Griffin told the Liverpool Daily Post that it appeared the details were accidentally attached to a spreadsheet sent to the outsourcing firms.

Griffin said the information had been destroyed by the firms when the mistake came to light.

But the PCT has refused to name the organisations it sent the information to on grounds of "commercial confidentiality".

In recent UK data breaches the identities of those wrongly sent information have been made public to help investigations into the breaches.

The staff union of those affected by the PCT incident said the mistake had breached the Data Protection Act.