William Murphy via Flickr

Email with personal details of girl found at GPO accidentally sent to member of public

The message contained specific details about the young teenager’s physical and mental wellbeing and a photograph of her in hospital.

Updated 22:00

SENSITIVE INFORMATION ABOUT a young teenager, who was found in a distressed state outside the GPO recently, was accidentally sent to the owner of a business that has a similar domain name to the HSE, TheJournal.ie can reveal.

The email, sent by the Psychiatric Nurses Association (PNA), was supposed to be received by members of the trade union within the HSE. It requested assistance in identifying the girl and contained detailed information about her, as well as a photograph taken at the hospital.

The business in question has a name that closely resembles the HSE’s and so its owner and employees have email addresses similar to those working for the public health body.

Speaking to TheJournal.ie, the owner of the business said he found it “quite distressing” to receive the email, which gave specific details of the girl’s physical and mental wellbeing.

“I’m a father myself and I got this photo of a child sent to me – I don’t know what to do with this,” he said.

A spokesperson for the PNA said the union was asked by gardaí to contact members to ask if the child had ever been treated by them.

“Gardaí were looking for our assistance and we were in a good position to possibly help in that way,” they said.

However, he said the intention was to send the email out to a “confidential list” of people.

Sensitive information

The business owner said this is not the first time he has received sensitive information that was meant for the HSE and that he has contacted them about it in the past.

“I got onto them to get them to stop it but they wanted us to set up a system to gather all their emails and send them onto them and then contact all the people individually who sent us things,” he explained. “I think that should be up to them”.

Commenting on the incident, a spokesperson for the Data Protection Commissioner said it is “the responsibility of the sender organisation to ensure, especially when dealing with sensitive personal data, that they have the correct contacts”.

They said that they would expect an organisation which has inadvertently disclosed sensitive personal data to notify the commissioner’s office once they are made aware of it.

“If the breach was on the sender’s part, then it would be a quality decision for the HSE if it wished to engage with that company,” they added.

In a statement, the HSE said: “As confirmed by the Data Protection Commissioner the responsibility of data protection is on the controller and sender of the information, in this case the sender of the information was not the HSE.

“Should any action be required on the part of the HSE by the DPC the HSE will cooperate fully.”

First published 6am
