Irvings Law’s Data Breach department claims it was instructed by several employees of Center Parcs following a member of their staff emailing a spreadsheet entitled “Housekeeping Brief”.
According to Irvings, it was in fact a spreadsheet containing personal information relating to 1,670 other Center Parcs employees at their Woburn Forest complex.
Irvings claims the personal information included employees's:
- Home address
- National Insurance number
- Personal email address
- Date of Birth
- Contact Telephone number
- Hourly rates of pay
A spokesman for Irvings Law’s Data Breach department, said: "A subsequent email from Center Parcs confirmed that the said error occurred ‘through human error’. As a result, all 1670 employees had suffered a breach of their personal information.
"Following their admission of their data breach and before (department head Mr Matthew) McConville was instructed, Centre Parcs attempted to brush their significant breach under the carpet by inviting all affected employees to a meeting whereby it was confirmed that £50.00 would be paid into their next wage packet as a goodwill gesture following the said data breach. Thankfully, some of the affected employees rejected this and wanted further specialist data breach advice and that is why they came to Mr McConville."
In a statement Center Parcs apologised for the error but insist the due processes were followed and no action was taken after they reported the error to the Information Commissioner's Office.
"Unfortunately in November 2019, as part of a routine internal communication, personal data relating to colleagues at Center Parcs Woburn Forest was shared in error with other colleagues at Center Parcs Woburn Forest," a Center Parcs spokesman said.
"As soon as we became aware of this we contacted all colleagues affected to inform them of the situation and reported the communication to the Information Commissioner’s Office, who reviewed the circumstances and confirmed that no action was to be taken against the business.
"We take the protection of all personal data extremely seriously and have put measures in place to ensure this does not happen again. At the time of the error, we apologised to those employees affected and offered them access to an identity protection service to provide further reassurance that their personal data has not been misused."