Disciplinary for gross misconduct.

FutureGirl

I had given the telephone number to NSPCC to assist in a welfare check. Thank you for your input all.

Brie

So for a noble cause supposedly.  That might mitigate some blame.  

How sure were you that it was NSPCC?  By that I mean - did someone ring up and say "Hi I'm Bob from NSPCC and need X's number"?  Or did someone jump through various hoops and gave you a number that you could look up and ring back?  

Marcon

FutureGirl said:

I had given the telephone number to NSPCC to assist in a welfare check. Thank you for your input all.

Why give it at all and why give it without checking with your manager or someone else at a more senior level? That's important - any suggestion that you didn't check because you were worried about getting the answer 'no' won't help your case.

Brie

Marcon said:

FutureGirl said:

I had given the telephone number to NSPCC to assist in a welfare check. Thank you for your input all.

Why give it at all and why give it without checking with your manager or someone else at a more senior level? That's important - any suggestion that you didn't check because you were worried about getting the answer 'no' won't help your case.

Sometimes organizations (or scammers) will state loudly "do you really want a child to suffer!?!?!?!?!" which is rather frigtening.  If this is what happened you should say so.  That you were intimidated into doing something you wouldn't normally do is something worth mentioning.

YBR

Have you been given any training/guidance about what to do when GDPR bumps up against Safeguarding situations?

So often Safeguarding trumps everything else that it is very hard to say no. None the less you should have escalated.

I think there is a mitigation worth mentioning here.

OP, All the best in this situation.

fatbelly

FutureGirl said:

I had given the telephone number to NSPCC to assist in a welfare check. Thank you for your input all.

I remember a similar case where a CitizensAdvice worker did this and was dismissed. It went to tribunal as an unfair dismissal and the employee won iirc.

If you can locate the case, or use a professional to do that, the tribunal's reasoning my be useful

housebuyer143

Tricky one because it's a clear GDPR breach that you then didn't report, but stackable offence, hmmmm. Let's be honest I am sure lots of people have done similar? My old company never gave any GDPR training and I know for certain information like that was given out. 

As others have said, write it down matter of fact and if you can't say it (because I have been there when you are so angry or upset you can only cry), you can pass them the paper to read themselves. Your years probably won't go in your favour because you should have know assuming the company has training on this but you can say you made a mistake and put any mitigating factors down that will probably help. 

Undervalued

FutureGirl said:

I had given the telephone number to NSPCC to assist in a welfare check. Thank you for your input all.

As far as I am aware the NSPCC (like the RSPCA) have absolutely no statutory powers, although they like to give the impression that they do. So although the fact that the data breach was to the NSPCC might be seen as mitigation, technically it isn't.

To be honest, this all depends on the firm's policy / view. Some companies would treat this as very serious indeed whilst others may be sympathetic or laid back about it. 

Undervalued

fatbelly said:

FutureGirl said:

I had given the telephone number to NSPCC to assist in a welfare check. Thank you for your input all.

I remember a similar case where a CitizensAdvice worker did this and was dismissed. It went to tribunal as an unfair dismissal and the employee won iirc.

If you can locate the case, or use a professional to do that, the tribunal's reasoning my be useful

It could well be that this was on a technicality, in that the employer hadn't correctly followed procedure or that the actual breach was considered so trivial as to only be misconduct and not gross misconduct. 

There certainly are plenty of examples of any misuse of personal data being treated as gross misconduct, regardless of the motive.

In law, all the employer needs is to have made a reasonable (layman's) attempt to conduct a fair investigation and hearing and to form a "reasonable belief" that the misconduct took place. Having done that then dismissal needs to be within the range of sanctions a "reasonable employer" might choose. 

If they fail on any of those points but there is still little doubt that the misconduct took place, although the dismissal would technically be unfair if would lead to little if any compensation as the employee would still be seen as the author of their own misfortune.

Unless the OP has a sound defence the best advice would be to admit their mistake and rely on remorse and mitigation based on many years of excellent service.

x_raphael_xx

Undervalued said:

FutureGirl said:

I had given the telephone number to NSPCC to assist in a welfare check. Thank you for your input all.

As far as I am aware the NSPCC (like the RSPCA) have absolutely no statutory powers, although they like to give the impression that they do. So although the fact that the data breach was to the NSPCC might be seen as mitigation, technically it isn't.

To be honest, this all depends on the firm's policy / view. Some companies would treat this as very serious indeed whilst others may be sympathetic or laid back about it. 

In our place of work, we can't give info to the police without a Data Release Form, even if they come into the building in uniform with badges etc