We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Possible GDPR Breach?
Agamemnian
Posts: 4 Newbie
Hi
The company I work for appears to have given my personal private phone number to their clients. I became aware fo this when one of them called me yesterday for help on an issue they were having. I have never given my permission for this to be given out and was under the impression the numbers listed in our internal systems would never be shared and were for internal use only. As I understand it this is a GDPR breach. Am I right? If so would there be a basis for a claim here? I still have the voicemail and I found at least one email where my private phone number was shared with clients.
The other sticking point I have is I just signed a settlement agreement with my employer as I'm in the process of being made redundant and this has a clause in it where I cannot make claims against them, but not sure if this covers GDPR breaches as I'm not sure it counts as an employment claim.
Any advice?
The company I work for appears to have given my personal private phone number to their clients. I became aware fo this when one of them called me yesterday for help on an issue they were having. I have never given my permission for this to be given out and was under the impression the numbers listed in our internal systems would never be shared and were for internal use only. As I understand it this is a GDPR breach. Am I right? If so would there be a basis for a claim here? I still have the voicemail and I found at least one email where my private phone number was shared with clients.
The other sticking point I have is I just signed a settlement agreement with my employer as I'm in the process of being made redundant and this has a clause in it where I cannot make claims against them, but not sure if this covers GDPR breaches as I'm not sure it counts as an employment claim.
Any advice?
0
Comments
-
A claim for what, have you made a financial loss?0
-
It's going to depend on the terms of your settlement agreement, which we can't see from here. But I doubt any claim would be significant anyway.0
-
The clause in the redundancy letter is likely related to the redundancy process only, it would be difficult from a legal standpoint for them to apply one universally. That being said, you appear to have no grounds for any claim, the most that would happen in a situation like this would be that the ICO would issue them with a written warning.Agamemnian said:Hi
The company I work for appears to have given my personal private phone number to their clients. I became aware fo this when one of them called me yesterday for help on an issue they were having. I have never given my permission for this to be given out and was under the impression the numbers listed in our internal systems would never be shared and were for internal use only. As I understand it this is a GDPR breach. Am I right? If so would there be a basis for a claim here? I still have the voicemail and I found at least one email where my private phone number was shared with clients.
The other sticking point I have is I just signed a settlement agreement with my employer as I'm in the process of being made redundant and this has a clause in it where I cannot make claims against them, but not sure if this covers GDPR breaches as I'm not sure it counts as an employment claim.
Any advice?0 -
There's no claim, but you can report to the ICO if you really wanted to. However, it will be too minor a breach for them to look at.
The realistic thing to do is to move one and forget about it.0 -
Formally complain to your employer. You can try a GDPR claim but unless you've suffered a loss, you aren't going to get compensation.0
-
In most places I've worked you have to give your personal contact details that are stored by HR and only accessible by them. In addition there is a company address book, normally on an Exchange server somewhere, which holds your work telephone, email etc. In some cases where people have elected to use their own mobile they can self enter that number into the system.
What system did they get your number from?
Who entered your personal number into that system?
Can you tell from the system which numbers are personal and which are corporate?
What is the purpose of that system?
Have you read the companies data policy and/or privacy statements? What does it state about sharing data?
Personally, I do put my own mobile number in my email signature and also, where possible, in the directory. I would expect that directory to be used in a way that if a Client phoned and they couldnt transfer them to me that they give them my number from the directory as thats the purpose of the directory and why I put my number in it.0 -
Not always true with the GDPR. I believe there have been cases where there was an entitlement to compensation just because of the breach and without the need to have suffered an an actual loss.Aylesbury_Duck said:Formally complain to your employer. You can try a GDPR claim but unless you've suffered a loss, you aren't going to get compensation.
That said the settlement agreement may well prevent this if the breach happened before the agreement was signed.
As others have said, the OP could complain to the ICO who might (but probably won't) slap the employer's wrists.
OP - What are you hoping to achieve here? Even if there is a claim that can be made it will be minor, as will be any penalty the ICO might impose.
Old Chinese proverb - Before setting out for vengeance first dig two graves!1 -
https://ico.org.uk/your-data-matters/data-protection-and-journalism/taking-your-case-to-court-and-claiming-compensation/Undervalued said:
Not always true with the GDPR. I believe there have been cases where there was an entitlement to compensation just because of the breach and without the need to have suffered an an actual loss.Aylesbury_Duck said:Formally complain to your employer. You can try a GDPR claim but unless you've suffered a loss, you aren't going to get compensation.
The GDPR gives you a right to claim compensation from an organisation if you have suffered damage as a result of it breaking data protection law. This includes both “material damage” (e.g. you have lost money) or “non-material damage” (e.g. you have suffered distress).
You must have suffered damages, they just dont have to be material, so similar to PSLA claims for injuries... you havent necessarily lost money because someone broke your arm but you can claim general damages for the pain. With GDPR most claims will be under the banner of "distress" but most are clearly going to be token
1 -
Interesting to learn that there have actually been cases.
How many have there been and what amounts of compensation were awarded because of the breach and without the need to have suffered an an actual loss?0 -
I'm not necessarily interested in a claim against them as I know its's highly unlikely that it would be worth pursuing.
So the status is they wanted us to stay until June, I had the agreement changed to state June or an earlier mutually agreeable time.
I'm wondering though if I can use the fact this breach has happened as leverage against them to help me leave earlier and specifically retain my bonus in December (which I have to be employed on the 24th December to get). Perhaps garden leave.
I want out as soon as possible, but not without my December bonus.0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.9K Banking & Borrowing
- 252.7K Reduce Debt & Boost Income
- 453.1K Spending & Discounts
- 242.9K Work, Benefits & Business
- 619.7K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards