Advertisement
Some of the email addresses that were shared.
Data Breach

Health body apologises after email addresses of 200 job applicants are incorrectly shared in email

The Data Protection Commissioner has been informed of the incident.

A STATUTORY HEALTH body has apologised for a data breach in which the email addresses of unsuccessful applicants to a job were mistakenly shared.

In an email informing individuals that their application had been unsuccessful, the email addresses of about 200 other applicants were shared.

The email, seen by TheJournal.ie, was sent by the Pre-Hospital Emergency Care Council (PHECC) on Tuesday. PHECC is an independent statutory body which sets the standards for education and training for pre-hospital emergency care in Ireland.

All emergency medical technicians, paramedics and advanced paramedics must be registered with PHECC in order to legally practice in Ireland.

The affected individuals had applied for a clerical role in PHECC’s office in Naas, Co Kildare.

One of the applicants told TheJournal.ie: “What scares me about this leak of data is that although I was unsuccessful, if word had spread to my current employer it wouldn’t have looked too favorably on me and it may have affected my standing in my current role.

“Due to their lack of care and attention it has landed me in a stressful situation worrying that my current employer will find out and affect my current job or income.

“It’s lucky this was only an email address and not my physical address and patient data too.”

‘Genuine error’

Richard Lodge, Director of PHECC, confirmed that the email addresses of the unsuccessful applicants “were mistakenly pasted into the “To” section rather than the “Blind Copy” section of a bulk email and were included in an email sent to all unsuccessful applicants”.

“Regrettably, this resulted in all unsuccessful applicants having visibility of the email addresses of all other unsuccessful applicants.

The error was noted 18 minutes after sending the email and an apology was immediately sent to all the individuals concerned, requesting that, as the data was not intended for them, the email is deleted from their inbox as a containment measure.

Lodge said a Data Breach Notification was compiled and sent to the Data Protection Commissioner.

“This was a genuine error on our part and we take such incidents very seriously.

“As Director of the Pre-Hospital Emergency Care Council, I would like to take responsibility for this breach and apologise unreservedly for any distress or upset this may have caused to the recipients of the e-mail.”

Lodge added that the organisation is now reviewing its policies and procedures and “seeking to introduce measures that would prevent a repeat of this type of error happening again in the future”.

Your Voice
Readers Comments
23
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel