Welcome to the MSE Forums

    • confusedabouteverything
    • By confusedabouteverything 2nd Jul 18, 10:02 PM
    Can I be fired for breaching data protection?
    Exactly as stated


    A friend of mine sent an email containing critical information and documents about a particular person to a person who wasn't that person.
    Last edited by confusedabouteverything; 02-07-2018 at 10:09 PM.
    • Dizzy Ditzy
    • By Dizzy Ditzy 5th Jul 18, 1:00 PM
    I haven't yet completed my mandatory GDPR training
    Originally posted by Ms Chocaholic
    That isn't an *excuse* - Data Protection Act existed right up until GDPR came in and it would still possibly be a sackable offence to send confidential information to an unrelated person
    I'm a board guide on Quick Grabbit while you can, Marriage, Relationships and Families, Health & Beauty Moneysaving, Greenfingered Moneysaving, Praise, Vents and Warnings, Consumer Rights and Sports & Fitness Moneysaving boards.

    I volunteer to help get your forum questions answered and keep the forum running smoothly. Any views are purely my own and are not those of Moneysavingexpert.com. I am a board guide and not a moderator and as such do not read every post. If you spot an illegal or inappropriate post please report it to forum@moneysavingexpert.com


    I used to be a queen, now I'm just me...
    • sangie595
    • By sangie595 5th Jul 18, 1:50 PM
    Whilst I understand everyone's points about my friend essentially being an idiot. In his job he processes huge volumes of information per day, and emails are inputted by copying and pasting from a database. Each response is based on unique information and unique circumstance and I think errors do get made.

    Surely, this can't ruin someone's career
    Originally posted by confusedabouteverything
    The job generally isn't "copy-paste". The purpose of involving a human being is to include "proof read / check / recheck". I'd lay bets the employer would agree - otherwise a computer programme could do the job. So yes, it certainly can be gross misconduct if he didn't check.
    • BBH123
    • By BBH123 5th Jul 18, 4:09 PM
    This is interesting.


    My company is not taking this issue very seriously at all.


    Last week we had a case where customer contracts and credit score information was sent to the wrong customer. A senior director was then copied in to authorise the case and nothing was mentioned.
    Save 12k in 2018 challenge #14
    3700/ 10000

    Saving for Christmas 2018 - 1 a day challenge
    #15 120/365
    • sangie595
    • By sangie595 5th Jul 18, 4:19 PM
    This is interesting.


    My company is not taking this issue very seriously at all.


    Last week we had a case where customer contracts and credit score information was sent to the wrong customer. A senior director was then copied in to authorise the case and nothing was mentioned.
    Originally posted by BBH123
    A company can decide not to take action, just as they can decide to take action. But no manager, no matter how senior, can "authorise" a data protection breach! How seriously a breach is considered will depend partly on the approach of the company, what the actual breach is, and whether the affected individual(s) complain. But in the end, the company don't decide that it's "ok" - the ICO does.
    • BBH123
    • By BBH123 5th Jul 18, 4:25 PM
    But if it's not reported how do the ICO know?


    Sorry the authorise was not for the breach it was to authorise the company failing a credit check.
    • FBaby
    • By FBaby 5th Jul 18, 4:42 PM
    Gross misconduct is not about neglect or intention of harm, it's about making a serious mistake that could have a serious impact on the company.

    Your friend made a serious data sharing error. It's a pity that he only realised the severity of it afterwards. You clearly still need to get to grips with it. You might not agree with the legislation, but your views are not relevant to the matter.
    • sangie595
    • By sangie595 5th Jul 18, 4:44 PM
    But if it's not reported how do the ICO know?


    Sorry the authorise was not for the breach it was to authorise the company failing a credit check.
    Originally posted by BBH123
    By law, companies are required to keep a register of data breaches. Certain breaches must, by law, be notified to the ICO by the company within 72 hours, and also to the individual concerned. If they don't then when the ICO catch them, and they will, then it will not end happily for them. The ICO can and do do spot checks on data holders, and they can fine companies heavily for not having sufficient safeguards even if there had never been a breach! Any company that thinks a run in with the ICO isn't to be avoided is crazy - it was bad enough previously, and the new powers make it even less desirable a contact.
    • BBH123
    • By BBH123 5th Jul 18, 6:39 PM
    I have told my manager they need to take the issue seriously and not be so blasé about it.
    • scaredofdebt
    • By scaredofdebt 6th Jul 18, 1:38 PM
    You've missed my point.

    This would have been a breach under DPA going as far back as 1998.

    You don't have to be fully aware of all the rules of GDPR for this to constitute a data breach and potentially gross misconduct.

    Depending on the severity of what was lost and who it was lost to the employer will have 72 hours to notify any affected parties and inform the ICO of the breach even if accidental.


    If you accidentally lost £1,000 out of a shop till do you reckon you'd have the same leniency? If you accidentally left the handbrake down on a company car? If you accidentally forgot an important legal script on a phone?

    Data is valuable and sending an email to a wrong recipient is a data breach. How severe depends on the contents.

    If the employee is used to processing high volumes of information such as data input I'm guessing they would have had some form of induction training.


    There are more variables at play here than just sending an email to the wrong person.

    The contents matter (What data was lost, was it personal data, could it identify someone)
    How was it discovered/reported (Was it immediate, did the employee realise, was it after a complaint)
    etc
    Originally posted by AstroTurtle
    I completely follow. As there are large amounts of data going on here it's likely the employer expects mistakes to be made and they should have systems in place to mitigate.

    I used to work for a bank entering standing orders and was targeted to a 1% error rate, this included setting up a standing order on the wrong customer's account, which I did a couple of times. Didn't ruin my career as the employer realised people are not robots and will make mistakes.
    Make 2018 in 2018 Challenge - Total to date 1,629
    • AstroTurtle
    • By AstroTurtle 6th Jul 18, 1:42 PM
    I completely follow. As there are large amounts of data going on here it's likely the employer expects mistakes to be made and they should have systems in place to mitigate.

    I used to work for a bank entering standing orders and was targeted to a 1% error rate, this included setting up a standing order on the wrong customer's account, which I did a couple of times. Didn't ruin my career as the employer realised people are not robots and will make mistakes.
    Originally posted by scaredofdebt
    And back then the bank would probably risk not spending £1m on training people if they will only face a £500,000 fine maximum.

    The thought of losing 4% of their global turnover will now be the rocket up the a*** to make them take it more seriously.

    The goal posts have changed and no-one wants to risk being the employee being caught in the middle.
    • scaredofdebt
    • By scaredofdebt 6th Jul 18, 2:05 PM
    I'm not sure how many millions it would cost to train someone to never make a mistake.

    The fact that breaches are supposed to be reported means they understand these types of things go on, I suspect the vast majority of breaches are not reported.

    OP, do you have targets and does that include an error rate? How serious was the breach, ie what was the data?
    • jimbo747
    • By jimbo747 6th Jul 18, 5:40 PM
    Our company sends out emails regularly, the odd mistake can and does happen especially if done manually via outlook for example and you're emailing johnsmith@gov.uk instead of john.smith.gov.uk. Last week a mail campaign went out to 200k people instead of the 1000 intended all because of one wrong filter in our email tool. If I had to sack a member of staff every time they made a mistake I'd have no one left. Would the ICO fine us for that? Not a chance.
    • AstroTurtle
    • By AstroTurtle 9th Jul 18, 8:47 AM
    Our company sends out emails regularly, the odd mistake can and does happen especially if done manually via outlook for example and you're emailing johnsmith@gov.uk instead of john.smith.gov.uk. Last week a mail campaign went out to 200k people instead of the 1000 intended all because of one wrong filter in our email tool. If I had to sack a member of staff every time they made a mistake I'd have no one left. Would the ICO fine us for that? Not a chance.
    Originally posted by jimbo747
    Depends what was on the email.

    You could be fined for spam emails to people who didn't consent to those emails which falls under PECR regulations.

    The ICO will fine for reckless actions and 199,000 emails incorrectly sent falls into that category if it contains or could have breached personal data.

    https://ico.org.uk/action-weve-taken/enforcement/

    Take a look at their enforcement page on the ICO website. They fine a lot of people on a regular basis.