I have done something really bad at work. Meeting tomorrow to discuss it. So so ashamed and worried.

[daytimemom]

I am so ashamed. I have done something unforgivable at work. My stomach is churning. Just checked my work emails from home and saw one from my manager saying under no circumstances must I access a work database (will call it RED) and we will be having a meeting about it tomorrow.

RED is a new database I have just been given access to. It is an appointment booking database for work colleagues. Last week I was playing around on RED trying to work out how to use it as I needed to make an appointment for a colleague. I noticed I was down as a manager for a couple of colleagues on RED (I don’t manage anyone) so clicked on these colleagues names to see who they were. It brought up confidential info on them like address and date of birth. Accessing these colleagues details was my first mistake.

My second was clicking on my own name, I wanted to see what it said ie why I was down as a manager & in all honesty I was curious.

So by accessing my own record I have breached all our organisations information governance policies. I know it was wrong and I don’t know why I didn’t think about this at the time. So so stupid.

I now feel sick to my stomach. I am on probation so they could just sack me. How will I get another job with this on my record I know I have done something unforgivable but I don’t know how I will be able to cope with this

Surely accessing data about yourself can't be a data breach?

Surely they shouldn't have given you access?

peaches it is where I work. I think accessing my colleagues data is too. Although I clicked on their names as it said I was their manager and I had no idea who they were.

Sensitive data should not be accessible without passwords/security. If you could randomly access something you shouldn't, I think the database manager should be more worried than you.

The person that gave you the wrong access is surely in the wrong here. Also, who trained you?

Sounds to me as if the database is showing unacceptable levels of info and they are telling you (and everyone else) to keep away until htis is rectified. Bet the meeting is for everyone who has access, not just you.

They have emailed and told you not to access something after you’d already accessed it?

Did they not tell you it was oob beforehand?

Looking at your own records isn't a data breach. Looking at others will be.

No training. I was given username and password because I needed to access RED to book appointments for some colleagues. My manager in her email said I would no longer be allowed to do this part of my job.

I know I have done something unforgivable but I don’t know how I will be able to cope with this

Yes you’ve been bloody stupid but no one died. Wait and see what tomorrow brings. I agree that I don’t see how accessing your own data is a data breach?!

I think they have committed a Data Protectjon Act breach by failing to keep confidential information confidential.

They have not properly safeguarded the information. Were you given Data Protection Policies when you joined? Were you told how the information about you was kept confidential? (They have to tell you this by law.) Was the information they were keeping about you necessary?

I think they have a big issue.

To discipline you for IG breaches you should have received training before you you were let loose on it.

In some areas (healthcare IT is one) you definitely aren’t supposed to access your own records or indeed anyone’s without good reason.

It doesn’t sound like you were aware of any of this though so you should be in the clear. Are you in a union?

The new data information says you can see your own data. Sorry if I am wrong.

Just checked my work emails from home and saw one from my manager saying under no circumstances must I access a work database (will call it RED) and we will be having a meeting about it tomorrow.

I’d assume this is because they have realised the error with the system and want to avoid being able to see stuff while they figure it out?

To be fair, all you did is access information that had been made available to you. It's not like you found the filing cabinet key and had a good nose. Especially as it was a new system you were trying to learn. Don't be too hard on yourself.

Their error in giving you access to areas you shouldn't have access to, and in not giving you training before letting you loose on the system. They need to review their procedures.

Why on earth do you have access when you aren’t suppose to? Sounds like an IT fuck up and that’s how I’d play it. I was looking around because I believed my access would not work in areas that were against company policy. I am baffled as to why my password allows me to view my own data, if that is against company policy? Can you please clarify, etc.

Yes you did something daft bit in all fairness most would assume that it would be set up in a way you can only access what you should be able to, i would say you where just having a flick through trying to get your head around navigating red and had no idea you would be able to access information you had no business accessing. This should highlight that whilst it was a boob on your behalf but also a huge error on theirs!

Their fuck up, not yours.

They need to be v careful how they play this with you - if you whistle blew to the ICO then they could find themselves in deep water.

Yes, if you knew it was wrong you need to apologise and hope to make amends, but if this is such a potentially sensitive database why were you left to 'have a play around and work out how to make an appointment'? Any secure database (eg NHS patient records) I've had to use for work I've had training and clear procedure in place. Who was in charge of making sure you had this before you got access?

Have they actually said you're in trouble? Or are you just assuming based on the fact that you're being denied access and having a meeting? The meeting could be about the data protection aspect rather than you personally and the non access could be so that they can tighten up the system.

Did you click away from your colleagues info immediately?

Did you tell them or has it been discovered subsequently?

Stop feeling bad and start feeling angry. Find your confidence. This wasn’t your fault. It was confusion.