Outsourcing giant Serco has apologised for accidentally sharing almost 300 email addresses of new contact tracers recruited to assist in the government’s coronavirus ‘test, track and trace’ strategy, as reported by the BBC.
The error was made when the company emailed new trainees to tell them about training. Serco included 296 addresses in a CC section of an email rather than BCC, meaning they were visible to recipients.
Serco said it had apologised and would review its processes "to make sure that this does not happen again".
— Cat Hobbs (@CatHobbs) May 19, 2020
In the UK the government has hired 21,000 contact tracers with the aim of reducing the spread of coronavirus by identifying people who have been in recent contact with someone with symptoms. The system is already being used in countries such as Germany and South Korea.
Serco is among the companies that are recruiting, coaching and managing the 15,000 contact tracers who do not have clinical training.
The error did not involve patients' data but will be unhelpful for a contact tracing project that is set to ask many thousands of people who have fallen ill to share the details of their friends and acquaintances.
Serco wrote the email to tell new trainees not to contact its help desk looking for training details.
According to the Guardian, the justice secretary, Robert Buckland, told BBC Radio 4’s Today programme that it was right for Serco to apologise. “It brings into stark relief the importance of privacy about confidentiality which underpins all of this,” he said.
“With the app being developed as well, the government has got that issue of privacy very much in mind in making sure that we can have maximum confidence, because these systems will only work if we get a significant part of the population taking part.”
Radio 4 reported that the mistake could leave the company in breach of data protection rules and how at least one member of staff had raised the issue with the information commissioner.
Serco has said it is not intending to refer itself to the Information Commissioner’s Office over the incident.
