MORE than 2,800 Gwent residents are among 18,000 across Wales to have their personal details accidentally published online after testing positive for coronavirus.

Public Health Wales has revealed that on August 30 the personal data of 18,105 Welsh residents - including 2,855 in Gwent - who tested positive for coronavirus was accidentally uploaded to a public server where anyone using the site could search for it.

The breach - which Public Health Wales have blamed on ‘individual human error’ - was removed 20 hours later on the morning of August 31, and had been viewed 56 times.

Data involved in the breach, in 16,179 of the cases, included initials, date of birth, geographical area and sex - risk of identification from this information is low.

But 1,926 of the cases in the breach are people living in nursing homes or supported housing - or people who share the same postcode as these settings - so the information includes the name of the setting. Risk of identification for these people is higher, but still considered low.


Chief Executive of Public Health Wales, Tracey Cooper, said: “We take our obligations to protect people’s data extremely seriously and I am sorry that on this occasion we failed.

“I would like to reassure the public that we have in place very clear processes and policies on data protection. We have commenced a swift and thorough external investigation into how this specific incident occurred and the lessons to be learned.

“I would like to reassure our public that we have taken immediate steps to strengthen our procedures and sincerely apologise again for any anxiety this may cause people.”

The Information Commissioner's Office and Welsh Government have been informed.

Public Health Wales have commissioned an external investigation, which is being led by the Head of Information Governance at the NHS Wales Informatics Service.

They have also taken immediate action; establishing an Incident Management Team to instigate remedial actions which have already resulted in changes to their standard operating procedures, so any data uploads are now undertaken by a senior member of the team.

In Gwent, the number of cases involved within this breach are as follows:

  • Newport - 910
  • Caerphilly - 808
  • Monmouthshire - 394
  • Blaenau Gwent - 378
  • Torfaen - 365

Anyone concerned that their data, or that of a close family member, may have been breached should read the FAQs on Public Health Wales' website, then e-mail if they have any additional questions.

People can also call Public Health Wales on 0300 003 0032 to discuss their concerns.