We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Can I be fired for breaching data protection?
Options
Comments
-
confusedabouteverything wrote: »So an honest mistake is gross misconduct?
Your question has been answered. If he didnt report it to his manager then yes he is heading in the direction of gross misconduct.
If it happened today, then you should tell your friend to report it tomorrow to his manager, if someone else does it for him then he will be losing his job.0 -
Ms_Chocaholic wrote: »I haven't yet completed my mandatory GDPR training :eek:
You should do it ASAP just to be sure you dont accidentally do something that breeches GDPR. regarding my comment on your last comment, i actually posed that scenario to the GDPR coordinator thinking that as long as the email was sent to the wrong person WITHIN the company, we would be okay... but no, its not the case.
Egg shells is all im going to say.0 -
'to a person who wasn't that person' - you mean the wrong person, I presume. Did you follow the appropriate procedures to report a DP breach?confusedabouteverything wrote: »Exactly as stated
A friend of mine sent an email containing critical information and documents about a particular person to a person who wasn't that person.0 -
Yes, the email was sent to the incorrect person.
I believe they reported the breach to their line manager.0 -
There are still so many unknowns it's difficult to give a definitive answer, but on the face of it sending personal information to a 3rd party who had no right to the information could certainly be viewed as gross misconduct.
If the 3rd party was outside the organisation it would almost certainly be viewed even more seriously. If it was sent internally, to the wrong manager for example, it might be viewed less seriously, although both scenarios are potentially gross misconduct.0 -
It would depend what the information is.
Yes there was a breach but what the punishment will be will vary.
If it's someone's medical records then I would start looking for a job straight away.
If it was a day to day document of no real interest then they might get away with a warning and extra training.Changing the world, one sarcastic comment at a time.0 -
You, or your 'friend' certainly *could* be fired. They've been there less than 2 years so can be dismissed for any non-discriminatory reason.
Even if they had been there longer, disclosing confidential information (even in error) can absolutely be a firing offence, particularly when it breaches data protection and leaves the employer open to sanctions .
Whether they *will* be fired is a question only their employer can answer, but making sure that they have notified the appropriate person, and showing that they understand how serious a matter this in and that they will be much more careful in future may reduce the likelihood of them losing their job.
A lot may depend on what was sent, and who to.All posts are my personal opinion, not formal advice Always get proper, professional advice (particularly about anything legal!)0 -
It would depend what the information is.
Yes there was a breach but what the punishment will be will vary.
If it's someone's medical records then I would start looking for a job straight away.
If it was a day to day document of no real interest then they might get away with a warning and extra training.
In the worst case scenario (such as medical records) then there is also the possibility of prosecution to go along with being fired. That's the sort of thing which would show up on any background check for a future job.
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/11/warning-for-workers-after-charity-employee-is-prosecuted-for-data-protection-offences/0 -
It's the employer's responsibility to ensure staff are trained adequately, especially where data protection (GDPR) is concerned, so it may be the employer at fault. However, some employers don't accept their responsibilities and sack people as its easier.Make £2018 in 2018 Challenge - Total to date £2,1080
-
scaredofdebt wrote: »It's the employer's responsibility to ensure staff are trained adequately, especially where data protection (GDPR) is concerned, so it may be the employer at fault. However, some employers don't accept their responsibilities and sack people as its easier.
“a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service”.
From the ICO (Information Commissioners Office)
What consistutes a breach hasn't changed under GDPR. What has changed is how much you stand to lose from one.
In terms of blaming an employer and training.
If i hired someone, i wouldn't expect to have to give them training in not sending emails to the wrong people. That is basic.Save £12k in 2019 -0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.7K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.4K Spending & Discounts
- 243.6K Work, Benefits & Business
- 598.4K Mortgages, Homes & Bills
- 176.8K Life & Family
- 256.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards