12 December 2007 | Andy Allen
A primary care trust has mistakenly sent out financial details of nearly 2,000 of its staff - including salary and pension details - to four companies bidding for a health contract.
The mistake happened when the Sefton Primary Care Trust sent out details to firms hoping to supply services to its sexual health division.
The details included names, dates of birth, national insurance numbers and salary and pension information. The trust's blunder comes just weeks after HMRC lost CDs containing the personal data of 25 million people.
The Unite union has branded the lapse "disgraceful" and called for an inquiry into how it happened.
"To add insult to injury, the trust will not tell staff the names of the organisations that have their information owing to the confidential nature of the tendering process," said Kevin Coyne, the union's national officer for health. Coyne said if the trust would not divulge the bidders' names it should scrap the tendering process and start again.
Dr Leigh Griffin, chief executive at Sefton, said in a statement: "We have had assurances from all the organisations who were wrongly sent the information that it was promptly destroyed. It is important to note that the details did not include any bank information or addresses, minimising risk to our staff.
"As soon as I became aware of this I launched an investigation to make sure this does not happen again and wrote to all 1,800 staff to apologise for this accidental release of data, to notify them of the investigation and to give them assurances."