The Judicial Appointments Commission has admitted committing a data breach after failing to protect the details of job applicants.
The bungle occurred after 400 people applied to become salaried members of a First Tier Tribunal, for which they had to undertake an initial sifting test.
The JAC sent requests for references to applicants' referees, but in 137 cases it sent the requests to the wrong people. It meant hundreds of third parties who had been nominated as independent assessors were made aware of the identities of strangers who were applying for the position.
Part two of the omnishambles saw the JAC contact the right and wrong referees of applicants who had failed the initial test. It then emailed the referees a second time to tell the referees that, actually, their references would not be needed, and would they mind deleting the email.
"I was upset", a candidate said, "not just by the news that third parties had been told I had been unsuccessful, but the potential for gossip and damage to my reputation".
"I don't accept the assessors weren't told I was unsuccessful", added the applicant, "they can work it out. But, worse, now someone else I don't know, knows I and others applied".
A spokesperson for the JAC confirmed there had been a data breach regarding candidates' names, which it attributed to human error as a result of staff working from home.
"I can confirm that some independent assessors were initially provided with the name of the wrong candidate in a recent exercise", the spokesperson told RollOnFriday. "We have alerted the Information Commissioner’s Office who confirmed it was not on a level that needed to be reported to them and we are dealing with it locally".
She said the JAC was carrying out its own investigation under GDPR "to make sure this cannot happen again", and that it indicated that human error was responsible, "caused in part by remote working instituted in response to the COVID19 situation".