SeftonPrimary Care Trust (PCT)on Merseyside
is refusing to name theoutsourcingorganisations it wrongly
sent personal details about 1,800 staff to.
The details included National Insurance numbers, salary details
and pension arrangements.
The information is reported to have been sent to the four
outsourcers in November as part of a tendering progress for work at
the PCT.
Sefton PCT chief executive Leigh Griffin told the Liverpool
Daily Post that it appeared the details were accidentally attached
to a spreadsheet sent to the outsourcing firms.
Griffin said the information had been destroyed by the firms
when the mistake came to light.
But the PCT has refused to name the organisations it sent the
information to on grounds of "commercial confidentiality".
In recent UK data breaches the identities of those wrongly sent
information have been made public to help investigations into the
breaches.
The staff union of those affected by the PCT incident said the
mistake had breached the Data Protection Act.