An undertaking has been signed by Manpower UK Ltd following a breach of the Data Protection Act where a spreadsheet containing 400 people’s personal details was accidentally emailed to 60 employees.
Although no date is given for the breach, the undertaking indicates:
The Information Commissioner (the ‘Commissioner’) was provided with a report indicating that one of the data controller’s employees had emailed a spreadsheet containing the personal data of over 400 individuals to 60 employees in error, none of which consisted of sensitive personal data as defined by the Act. The employee had initially believed that the spreadsheet contained only the employee numbers of those 60 staff.
Enquiries revealed that the data controller had not given sufficient consideration to the security of the personal data compromised and had sent all data to the employee involved rather than only that which was required. It was also discovered that the data had been transmitted over the internet without protection. Although the data controller attempted to contact recipients to request deletion of the email, it has not been possible to confirm this in all cases. However, the data controller has confirmed that it has no evidence that the data disclosed has been further inappropriately processed.