Clinical research company Lakeside Healthcare Research, has been carrying out trials for a new type of COVID vaccination (Valneva) at 27 sites in the UK.
At the Corby study site, the research team contacted the participants via email to invite them for a booster vaccine. But the email sent to each participant mistakenly included the email address of all the participants.
Unfortunately, Corby’s research team did not use the BCC function when sending the email.
A participant in the study commented:
“Within that email they copied every single person who has been on that trial. You could see everyone’s personal email address.
“It’s personal information and it’s absolutely disgraceful. If you’re taking part in a medical trial you don’t always want people to know that.
“There were people responding saying ‘yes count me in’ and they were completely unaware.”
The email was later recalled. Therefore, people who did not open the email would no longer be able to view the contents. However the people who did open the email would have access to everybody else’s email addresses.
Dr Amardeep Heer, director of research and innovation, said:
‘Regrettably an email was sent out to participants of a vaccination project being run by the Lakeside Research Team, based in Corb, with all email addresses visible, rather than blind carbon copied, as is the required and normal method.
“The Research Team, which is a separate entity to the Lakeside Surgery, took immediate action, apologising to participants and asking them to delete.”
Needless to say, it is of outmost importance that staff working for organisations handling people’s personal data are appropriately trained in data protection and privacy compliance. This is particularly the case when sensitive medical information is being stored and processed.
If your private information has been breached and this has caused you distress, you might be able to claim compensation. Get in touch and one of our specialists solicitors at DRM Legal will advise if you have a valid data breach claim.