20 October 2014

Staff personal data – breach

Breach one (data emailed to staff member’s personal email address) (4,000 staff)

  • Surname and initial
  • Marital status
  • Previous last name
  • Date of birth
  • Age
  • Gender
  • Home address
  • Telephone (home)
  • Telephone (mobile)
  • Email address
  • Country of birth
  • Nationality
  • NI (national insurance) number
  • Residency status (eg permanent)
  • Disability
  • Religious belief
  • Sexual orientation
  • Ethnic origin
  • Contract type
  • Assignment number
  • Staff group (eg, nursing, administrationand clerical, etc)
  • Pay (salary)
  • Payroll number
  • Payscale
  • Payscale description
  • Grade
  • Spinal point
  • Agenda for Change (AfC)spinal point and value
  • Incremental date
  • Title (eg secretary)
  • Role (eg manager)
  • Contracted hours (eg 37.5hours)
  • Employee category (eg full time)
  • Organisation (eg West Hertfordshire Hospitals NHS Trust)
  • Site name (eg Watford Hospital)
  • Organisation cost centre
  • Division
  • Training (eg non clinical)
  • Supervisor (eg line manager)
  • Department manager
  • Length of service
  • Assignment category (eg permanent)
  • Assignment status (eg active)
  • Assignment start date
  • Person start date
  • Start date in position
  • Fixed term end date
  • Fixed term reason
  • Actual termination date
  • Assignment end date
  • Bank posts held
  • Re-starter (previously left)
  • Latest hiredate
  • NHS entry date
  • Disclosure and Barring Service (DBS) (disclosure type)
  • IT email address

Breach two (data emailed to staff member’s personal email address) (1,500 staff)

Locum:

  • Name
  • Mobile
  • Email address
  • Date of birth
  • Professional body
  • Registration number and expiry date
  • Assignment number

Permanent:

  • Name
  • Post
  • General Medical Council (GMC) registration and expiry
  • Immigration
  • Licence to practice
  • Visa status
  • Passport seen and expiry date
  • Mobile
  • Email
  • Disclosure and Barring Service (DBS) unique number
  • Start date
  • Employment status
  • Rotation details
  • Post number
  • ATR (approval to recruit)
  • Opt out
  • Consent

Breachthree (data emailed to another NHS trust) (740 staff)

  • Electronic Staff Record (ESR) number
  • Name
  • Mobile
  • Email
  • Date of birth
  • General Medical Council (GMC) membership and expiry
  • Assignment codes

Ends

1