EXCLUSIVE: Another data breach hits contact tracing scheme

It's the second time this week outsourcing companies have made this mistake.

A doctor at their desk

A firm hiring contact tracers shared the personal email addresses and names of 48 potential contact tracers without their permission, Left Foot Forward can reveal.

Campaigners said this was a “monumental error” which shows that the coronavirus response should not be entrusted to private companies.

Private recruitment firm Workforce invited coronavirus contact tracing applicants to an interview on Monday.

The day before the interview, 48 of the London applicants were sent an email cancelling their appointment – inadvertently making all their email addresses were visible to each other.

It follows a similar incident earlier this week, when another company hiring contact tracers – Serco – shared the email addresses of almost 300 contact tracers.

The Information Commissioner’s Office has confirmed to Left Foot Forward that the Workforce email release constitutes a data breach.

After their interviews were cancelled, applicants were invited to rebook. When they tried to access their online interview, technical issues meant they were unable to.

Commenting, retired paediatrician and co-chair of Keep our NHS Public Dr Tony O’Sullivan said: “This is just the latest example of the lack of care and incompetence of the private sector in delivering public services and protecting NHS data.”

“It is just disgraceful that the Government has outsourced our public health to profiteering companies with a track record in failures, fraud and incompetence. Testing, tracing and quarantining is a public health clinical priority. This urgent and life-saving process should be run by local public health teams with local authorities, primary care and the NHS.”

Alan Taman, speaking for Doctors for the NHS, added: “This was likely a mistake, but it does make you wonder: how careful will an operation of this size be if the guiding operational principle is profit, not well-being?

“Of course the NHS makes mistakes – but it has procedures in place to at least try to make them as rare as possible. I’ve known patient records left in a skip because of human error – but that resulted in a swift and thorough investigation, and changed procedures to stop it happening again; not a glib apology and no one is the wiser.”

“Public bodies have been almost wholly excluded from this, the most critical exercise in public health for close to a century: why is that?  Wouldn’t it have been better to use all available expertise instead of handing over this massive job to large corporations not exactly known for their focus on well-being?  Mistakes will be made – but private is NOT better by default.”

The director of We Own It, Cat Hobbs said: “There are few more obvious demonstrations of the farce of handing parts of the coronavirus response to private companies than two of the companies involved in tracing making a monumental error of data protection in quick succession. It’s staggering that just days after Serco made a similar mistake, Workforce have seemingly repeated it.

Hobbs continued: “What this shows is that private companies can’t be trusted in our health service. Our NHS should be run for the public, in public hands – not by private companies looking to make a quick buck. As our new report shows – from testing to PPE, private companies have resolutely failed to deliver the response to coronavirus we need. It’s time we kicked them out of our NHS for good.”

Workforce did not reply to repeated requests for comment but the company is understood to have apologised to the applicants whose data was shared.

Joe Lo and Josiah Mortimer are co-editors of Left Foot Forward.

Comments are closed.