I have done something really bad at work. Meeting tomorrow to discuss it. So so ashamed and worried.

[daytimemom]

I am so ashamed. I have done something unforgivable at work. My stomach is churning. Just checked my work emails from home and saw one from my manager saying under no circumstances must I access a work database (will call it RED) and we will be having a meeting about it tomorrow.

RED is a new database I have just been given access to. It is an appointment booking database for work colleagues. Last week I was playing around on RED trying to work out how to use it as I needed to make an appointment for a colleague. I noticed I was down as a manager for a couple of colleagues on RED (I don’t manage anyone) so clicked on these colleagues names to see who they were. It brought up confidential info on them like address and date of birth. Accessing these colleagues details was my first mistake.

My second was clicking on my own name, I wanted to see what it said ie why I was down as a manager & in all honesty I was curious.

So by accessing my own record I have breached all our organisations information governance policies. I know it was wrong and I don’t know why I didn’t think about this at the time. So so stupid.

I now feel sick to my stomach. I am on probation so they could just sack me. How will I get another job with this on my record I know I have done something unforgivable but I don’t know how I will be able to cope with this

I received no training. The email giving me access said to read the help guidelines on the site which is what I was doing as well as clicking on records. I was trying to get an idea about what to do.

My ignorance is no excuse. I shouldn’t have been accessing other colleagues data but I didn’t understand why those records were there.

All sounds very fishy to me. Has your manager even heard of GDPR? If not, suggest they Google it at your meeting tomorrow. Sounds to me like the manager is at fault giving you access to data you should never had access to in the first place.

You'll be fine they'll give you s warning

You had no training and have been given the wrong level of access, I would have assumed an error in my job title and clicking 1 name would bring up an organisational chart not their personal information!

It's either an error by the data manager their in the process of rectifying. Or, you've failed an important test on how you deal with confidential data and honesty.
To be honest if it's the latter, and you admit you were curious, the appropriate thing to do would be to flag the breach to your boss immediately. Not have a nosy first.

What everyone else says. The mistake was made by whoever gave you incorrect permissions to the database. That's one of the main features of these sort of software systems. A gazillion different levels of permissioning - which can be a pain at times because of the hoops you need to jumo through to get extra permissions you might need but necessary .

I doubt they'd even be justified in giving you a warning tbh

OP, have they said what type of meeting this is, is this a disciplinary meeting? Are you a member of a union?

If you are worried you need to take a union rep or colleague in with you. Have a look at .gov website re this or Citizens Advice.

As others have said, I wouldn't worry too much. The only question is I guess is whether you are at a level that gives you certain access but requires you not to access certain records. For example a friend of mine once got in to trouble as she works for the NHS and accessed her mother's record.

I will apologise and admit my mistake. I just feel so ashamed. I should have just left RED alone and asked for some training.

1. You should have had training.
2. The data should not have been available for you to view in thr first place

If they sack you it would be unfair dismissal.

I really don’t think you’ve done anything terrible, you need to stop panicking.

No, you shouldn’t have been given access. That wasn’t your fault. The mistakes weren’t made by you. I imagine you didn’t know what would
Be opened when you clicked on your colleagues name? You should have been denied access and the system security should have prevented it. It was not set up correctly and I don’t think it was unreasonable for you to look at it further.

I would take the ‘do not look’ as a ‘shit! Don’t look! We’ve got a problem’.

Hopefully the meeting will be to clarify what it is you should have access to.

I really don’t think this is your fuck up.

I don’t see how this could be your fault tbh - we have a database like this and I would have good reason to click on a colleagues name to see their timetable (school). If it’s a scheduling programme then of course you’d expect clicking on a name to show up a work diary or something. Why are personal details even on there?

Be careful they aren't trying to make you the fall guy for their mistake in terms of training and incorrect access.

Can you take someone with you to the meeting to take notes?

Maybe ask for this to be moved to employment issues for some knowledgeable advice. Hopefully I'm overreacting but I'd just be really cautious.

Initially, a meeting with my manager who is really nice. That makes it worse, I feel like I’ve let her down.

I hope you're worrying over nothing, OP.

OP, are you sure this email hasn't been sent to everybody?

Tell them that you were exposing their errors. You are not to blame. If they give you access to information, they shouldn't be surprised you used it. Don't apologise. It's their fuck up. They know that hence the urgent meeting, asking you not to access the database so that they can change your permissions.

Agree with what’s been said above, this is not your fault. You were given access to a system and then asked to use it to perform a specific function on it with no training. And you clicked the names presumably expecting an org chart to pop up, as you were confused as to why you appeared as their manager, not with the intention of accessing confidential data. The fault lies with whoever granted you access, gave you the wrong permissions and then failed to train you. Do you have a union?

You were being proactive and trying to solvecan issue someone else caused.

The person who gave you access should get the rollicking not you.

And you're always able to submit an info request about your own data so that can't be a problem.

Really, stop worrying.

If you go in telling everyone it’s all your fault you’re making yourself vulnerable.

I think it’s best to say ‘I don’t know why I was given access as that level? Can you explain why?’ Don’t be defensive but equally don’t take the blame.

I would put money on them shitting themselves right now.

Under GDPR they have massively screwed up by having a system where you can access any one elses details!

I’d be tempted to say you thought they were names of fake employees for you to work out how the systems works and follow through the user/training guide. They were names you didn’t recognise, who are you to know different

My first thought was also GDPR! Totally not your fault!

It is them who gave you access to this information.

If they discipline you for accessing it, fight it all the way.

I’d try to hold off apologising/grovelling. It’s whoever set up RED who is at fault for allowing you to access confidential information. Human curiosity dictates that you would click on your own name and want to know why you were down as manager. Your work has fucked up, not you. Don’t take the blame for their mess.

I agree, can't see what you personally have done wrong here but I can plenty of things the organisation has done wrong.

You have been given access to RED but no training, guidance or documentation as to what you can or can't do or even what kind of data the system actually contains.

You accessed RED to carry out tasks related to your job and looked at staff data related to you and two colleagues erroneously listed as reporting to you. If there is confidential staff data on RED that is not relevant to your job then you should not have been able to access it to start with.

The system is not at all secure as it is. It is just like giving you a ring-binder full of pages and telling you to use it. You open the folder and turn over a page to find out it's confidential data and are then reprimanded for looking at it. You can't know what's on a page /screen until you have already turned it over/clicked through.

You really shouldn't be reprimanded fir this. You should be apologised to.