The education minister in Northern Ireland has “unreservedly” apologised after the personal details of more than 400 people who had offered to contribute to a review of special education needs were breached.
The embarrassing data breach came to light on Thursday after the education department said it had mistakenly sent to 174 people a spreadsheet attachment that contained the names, email address and titles of 407 individuals who had expressed an interest in attending the end-to-end review of special education needs (SEN) events across Northern Ireland.
The spreadsheet included comments made by a number of individuals.
The department said the 174 people who received the personal data in error had been asked to delete the information and confirm they had done so.
It is understood that a number of those affected by the data breach have contacted the department to express their concerns about what happened.
The Northern Ireland education minister, Paul Givan, said: “The department takes its responsibilities around data protection extremely seriously and we unreservedly apologise to all those affected as this should not have happened.
“The individuals involved have been contacted to make them aware of the data breach.”
Givan said he had instructed his permanent secretary to launch a full investigation into the data breach, led by Internal Audit.
“In parallel, the department will be working to put in place measures to help make sure this does not happen again,” he said.
“An initial notification has been made to the Office of the Information Commissioner regarding the data breach and the department will continue to engage with them as they conduct their investigation. As our investigation continues, all those impacted, as well as the Information Commissioner’s Office, will be kept updated.”
It is not the first time there has been a data breach by an official body in Northern Ireland.
Almost 5,000 Police Service of Northern Ireland officers and civilian staff are taking legal action after the details of about 9,500 PSNI employees were mistakenly published last August in response to a freedom of information request.
The list included the surnames and first initials of every employee, as well as their rank or grade, where they were based and the unit in which they worked.
The PSNI later said the information had got into the hands of dissident republicans.