| Information needed | Response |
|---|---|
| Title and link to statistical output | Cancer Staging – Impact of Covid-19 Based on Detect Cancer Early (DCE) Data 2018-2020 (previously titled Detect Cancer Early Staging Data) |
| Name of producer organisation | Public Health Scotland |
| Name and contact details of person dealing with report | Scott Wilson scott.wilson11@phs.scot |
| Name and contact details of Head of Profession for Statistics or Lead Official | Scott Heald scott.heald@phs.scot |
| Link to published statement about the breach (if relevant) | |
| Date of breach report | 19/10/2021 |
| Information needed | Response |
|---|---|
| Relevant principle(s) and practice(s) | T3 Orderly Release (Accidental or wrongful early release (Principle T3, Practices T3.3) |
| Date of occurrence of breach | 19/10/2021 |
T3.3 of the code of practice states that access to statistics before their public release should be limited to those involved in the production of the statistics and the preparation of the release, and for quality assurance and operational purposes.
As the above publication was being finalised in preparation for the pre-release access period and final quality assurance checks were ongoing with those involved in the publication, the draft report was accidentally sent to the wrong person.
The report was sent by Public Health Scotland to the Scottish Government correctly, however a colleague at the Scottish Government then accidently sent it to the wrong person. The draft report should have been sent to an internal colleague in the Scottish Government, though was sent in error to a colleague in NHS Highland who has a similar name. As a result, the wrong email address was selected and the report was sent in error.
The accidental email as sent at 19:13 on 18 October 2021 and a further corrective email was sent at 19:21 on 18 October 2021 (8 mins later). This issue was raised with PHS Statistical Governance on 19 October 2021.
The corrective email advised the recipient that the draft report had been sent in error and a request was made for this to be deleted and not circulated to anyone else.
The subject of these statistics does not include any patient identifiable data. No figures in the report are considered to be of any medium or high risk for statistical disclosure control as there are no small numbers and the report covers a wide population across the whole of Scotland. The incorrect recipient of the draft report is an NHS employee and therefore unlikely to cause any disclosure problems. Therefore, the likelihood of a successful disclosure attack is deemed to be nil to low.
The final report is due to be included for pre-release access to key stakeholders within the 5-day pre-publication period from 19 October 2021 and will be published in full on 26 October 2021.
The accidental email was sent to one person with a follow up email to instruct that this is deleted and not circulated, therefore we anticipate that only one person has unauthorised access.
There has been no communication received from any other colleague or member of the public on this incident at the time of writing.
With the above considered, the impact of this breach is low.
The Scottish Government and PHS analytical team communicated to send a corrective email within 8 minutes of the breach and therefore noticed and corrected the problem as quickly as possible.
The Statistical Governance team have since had communication with the analytical team to offer support relating to the Code of Practice for Statistics, though as this was a one-off incident there are no ongoing issues to resolve. The Statistical Governance team will continue to offer advice whenever required to any analytical team on any future publications.