We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

Old manager shared my last appraisal externally and internally (apparently in error?)

Options
Hi

Any advice on how I can handle this please?

I am 3 weeks in to my new job and recieved a call from my former manager who said that she needed to confess something to me. Apparently she had gone to send a document to someone external to their organisation (copying in my previous team members) and accidently (?!) also attached my last appraisal from this job! The mistake was pointed out to her by one of my previous colleagues and she then attempted to recall the email but we are unsure who opened the attachment as this was a couple of days later.

So potentially, 3 former colleagues and an external recipiant have had access to my last appraisal which should have been confidential.

This is made even more embarassing by the fact that a) in this apparaisal it was documented that I was struggling with menopausal symptoms and issues within my team and b) that I have known the external recipitant in both a semi personal and professional capacity for 8 years!

I am not sure what my next steps should be, I am really embarassed,

Many thanks

Comments

  • DullGreyGuy
    DullGreyGuy Posts: 12,125 Forumite
    First Post First Anniversary Name Dropper
    Options
    What outcome do you want? Those that received it and read it before the recall cannot unread it.

    Assuming you want compensation for the embarrassment then you should raise a complaint with the Data Protection Officer of your previous employers and probably worth highlighting in that complaint that the information included highly sensitive information (medical details) and not just personal information. 
  • biscan25
    biscan25 Posts: 452 Forumite
    First Anniversary First Post Name Dropper Combo Breaker
    edited 19 August 2022 at 3:03PM
    Options
    What the manager should have done, was send a further email requesting that the recipients delete the email, and confirm that they have done so. Then report the incident to the ICO if the incident meets the threshold for this, and be prepared for consequences if there are any consequential damages to the data subject.
    It's quite possible the attachments weren't read, or they stopped reading when they saw it wasn't intended for their eyes, so I wouldn't worry unduly.
    Pensions actuary, Runner, Dog parent, Homeowner
  • Marcon
    Marcon Posts: 11,505 Forumite
    First Anniversary First Post Name Dropper Combo Breaker
    Options
    abi52uk said:
    Hi

    Any advice on how I can handle this please?

    I am 3 weeks in to my new job and recieved a call from my former manager who said that she needed to confess something to me. Apparently she had gone to send a document to someone external to their organisation (copying in my previous team members) and accidently (?!) also attached my last appraisal from this job! The mistake was pointed out to her by one of my previous colleagues and she then attempted to recall the email but we are unsure who opened the attachment as this was a couple of days later.

    So potentially, 3 former colleagues and an external recipiant have had access to my last appraisal which should have been confidential.

    This is made even more embarassing by the fact that a) in this apparaisal it was documented that I was struggling with menopausal symptoms and issues within my team and b) that I have known the external recipitant in both a semi personal and professional capacity for 8 years!

    I am not sure what my next steps should be, I am really embarassed,

    Many thanks
    I can understand your embarrassment, but it doesn't sound as if there is really anything to be embarrassed about. You know the external recipient, who will hopefully just have hit the delete button after the first few sentences - but even if they didn't, what real impact does it have on anything, including your relationship with them? As for menopausal symptoms...20 years ago that would have been a taboo topic, nowadays it's on every radio and TV programme and in every newspaper, plus any amount of media coverage/promotion of the topic. 

    Unpleasant, but making a major issue out of it is only going to distress you. Your former manager had the decency to ring and tell you, rather than staying quiet (which might actually have been better!) or hiding behind an e-mail.
    Googling on your question might have been both quicker and easier, if you're only after simple facts rather than opinions!  
  • Undervalued
    Undervalued Posts: 8,998 Forumite
    First Anniversary Name Dropper First Post
    Options
    biscan25 said:
    What the manager should have done, was send a further email requesting that the recipients delete the email, and confirm that they have done so. Then report the incident to the ICO if the incident meets the threshold for this, and be prepared for consequences if there are any consequential damages to the data subject.
    It's quite possible the attachments weren't read, or they stopped reading when they saw it wasn't intended for their eyes, so I wouldn't worry unduly.
    Oh come on! In the real world....

    Sadly, as soon as attention is drawn to something like this people who wouldn't have given it a second thought pay attention!

    I do agree though that whilst it is commendable that the manager put their hand up it might have been better if they hadn't.
  • Ivrytwr3
    Ivrytwr3 Posts: 6,285 Forumite
    Name Dropper First Post Combo Breaker First Anniversary
    edited 20 August 2022 at 8:54AM
    Options
    Why does your appraisal  "document that I was struggling with menopausal symptoms"?!

    In my organisation we cannot mention any health issues, these are dealt with separately. 

    This is a Data Protection Breach - 1st steps are recalling the email, informing receipients to delete > reporting to ICO/informing the Data Subject.

    Your old boss isn't 'confessing' - she is legally obliged to do so.

    https://ico.org.uk/global/contact-us/live-chat/

    https://ico.org.uk/make-a-complaint

    Your employer, as a data controller, has a responsibility to adhere to data protection law. If they fail to do so, it could result in a breach of data protection at work. In some cases, you may be able to seek compensation.However, you must prove that you sustained mental harm or that your finances were affected in some way due to the breach.

    Get some specialist advice to see your options.
  • prowla
    prowla Posts: 13,389 Forumite
    Name Dropper First Anniversary First Post
    Options
    Your previous employer broke the law.
    The question is where do you want to take it?
    I'd expect any legal action and resultant compensation would yield little outcome.
  • macman
    macman Posts: 53,098 Forumite
    Name Dropper First Post First Anniversary
    Options
    If embarrassment is the only loss you have suffered, then isn't pursuing an action for compensation going to cause you more embarrassment than letting the matter lapse?
    There is no way for them to remedy the error, so compo would be the only thing you could achieve.
    What resolution are you actually seeking?
    No free lunch, and no free laptop ;)
Meet your Ambassadors

Categories

  • All Categories
  • 344.7K Banking & Borrowing
  • 250.6K Reduce Debt & Boost Income
  • 450.4K Spending & Discounts
  • 236.9K Work, Benefits & Business
  • 610.7K Mortgages, Homes & Bills
  • 173.8K Life & Family
  • 249.6K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards