A document – sent as an email attachment to an undisclosed number of Well locums last week (December 11) – included individuals’ names, addresses, phone numbers, email addresses and some payroll numbers, as well as “information to assist us in successfully placing locums and employees”, the multiple told C+D yesterday (December 19).
“The email was recalled immediately. However, certain information may be at risk of being shared,” Chris Ellett, Well transformation director and senior information risk owner, said.
The message did not contain “any information relating to personal characteristics”, he stressed.
Not a list of “banned individuals”
In an email to all Well employees on Tuesday (December 18) – a copy of which C+D has seen – Mr Ellett said the document had not contained bank details, national insurance numbers, dates of birth or patient data.
Responding to concerns from locums that the list referred to “‘banned’ individuals”, Mr Ellett said: “We want to reassure you that is not true.
“How we handle your personal data at Well is very important and I am truly sorry this has happened.”
Well is unable to confirm how many people received the email until it has completed a “full investigation”, it told C+D. The multiple has informed data protection regulator the Information Commissioner’s Office, it added.
“We’re sorry this has happened and have already implemented a number of changes to our processes to ensure that a similar incident does not occur again,” Mr Ellett said.
PDA: This may not be the end
The Pharmacists’ Defence Association (PDA) warned that Well’s investigation into the leak “may not be the end of it for those people whose data has been disclosed”.
In a statement on Tuesday, the PDA advised those who had received the email “not to open the attachment and to permanently delete the spreadsheet”.