Department of Health and Social Care written question – answered on 20th July 2020.

Alert me about debates like this

Photo of Jon Trickett Jon Trickett Labour, Hemsworth

To ask the Secretary of State for Health and Social Care, with reference to Serco's sharing of 296 email addresses belonging to covid-19 contract tracers, for what reasons Serco was not required to refer itself to the Information Commissioner’s Office for that matter.

Photo of Nadine Dorries Nadine Dorries Minister of State (Department of Health and Social Care)

We understand Serco did report the data breach to the Information Commissioner’s Office.

Serco also alerted the NHS Test and Trace service immediately. The breach was caused by including email addresses of new contact tracing recruits in the carbon copy (cc) rather than blind carbon copy (bcc) field. Serco apologised to staff affected and reminded colleagues of the need to always use the ‘bcc’ feature rather than ‘cc’ feature in future.

Ensuring the privacy of users and security of their personal data is a priority for the National Health Service and the Government. We follow cyber security best practice to help protect this data and comply with the law around the use of data, including the Data Protection Act 2018.

Does this answer the above question?

Yes1 person thinks so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.