Royal Cornwall Hospital Trust inadvertently exposes staff sickness records
Learn More
Royal Cornwall Hospitals NHS Trust is reporting a data breach affecting thousands of its current and former employees. The breach occurred when an editable spreadsheet containing sensitive staffing information was inadvertently disclosed as part of a Freedom of Information (FOI) request.
The spreadsheet, which was published on the trust's website disclosure log, exposed:
- Staff names
- Job titles
- Descriptions of sickness absences
- Dates of sickness absences
The data breach affected approximately 8,100 current and former employees who worked for the trust between April 2020 and May 2023. The trust has emphasized that no patient data or financial information was compromised in the incident. All affected individuals have been notified by letter about the breach and informed of the steps being taken to address the situation.
The trust has reported the incident to the Information Commissioner's Office (ICO). A spokesperson stated that the trust takes "the security of personal information extremely seriously" and emphasized their commitment to learning from the incident and improving their data protection processes.
The ICO assessed the incident after receiving the breach report and provided data protection advice to the trust. Following careful evaluation, the ICO concluded that no further regulatory action was necessary at this time.
