I have done something really bad at work. Meeting tomorrow to discuss it. So so ashamed and worried.

[daytimemom]

I am so ashamed. I have done something unforgivable at work. My stomach is churning. Just checked my work emails from home and saw one from my manager saying under no circumstances must I access a work database (will call it RED) and we will be having a meeting about it tomorrow.

RED is a new database I have just been given access to. It is an appointment booking database for work colleagues. Last week I was playing around on RED trying to work out how to use it as I needed to make an appointment for a colleague. I noticed I was down as a manager for a couple of colleagues on RED (I don’t manage anyone) so clicked on these colleagues names to see who they were. It brought up confidential info on them like address and date of birth. Accessing these colleagues details was my first mistake.

My second was clicking on my own name, I wanted to see what it said ie why I was down as a manager & in all honesty I was curious.

So by accessing my own record I have breached all our organisations information governance policies. I know it was wrong and I don’t know why I didn’t think about this at the time. So so stupid.

I now feel sick to my stomach. I am on probation so they could just sack me. How will I get another job with this on my record I know I have done something unforgivable but I don’t know how I will be able to cope with this

If this was in relationships it'd be called gaslighting

They're liable. Not you. They're laying the blame on you because they are shitting their pants.

I'm pretty senior in what I do and I have access to much more personal data than this. If I were given access I shouldn't have then I'd have no concerns about my job, it's the problem of the person who accidentally gave me access!

I agree, don't let them blame you, it's clearly there fault and if they start trying to blame you to suggest disciplinary procedures in anyway, ask to stop the meeting and get representation in - even if it's just a senior trusted colleague.

You clicked on someone's details because it said you were their manager. And you clicked on your own details.

Without training.

This is not your fault whatsoever.

Jesus.

Thankyou for all supportive comments. I’m sat at home shaking with no chance of sleep. I feel sick with worry. I know I have to go in tmwr but tempted to call in sick. But I know that would only make things worse.

I think the database manager should be more worried than you.

THIS ^

In spades!

Jesus have you read anything here? THIS IS NOT YOUR FAULT AND YOU HAVE DONE NOTHING WRONG.

OP in the very nicest possible way, you need to get a grip. And not pull a sickie

And to be fair, you don't even know if they are blaming you for anything! You've just been told not to access the system and to attend a meeting. You are putting the slant on it that you're at fault, they haven't yet.

Really isn’t your fault and you should be pissed off that if you were easily able to access data about colleagues that you shouldn’t have been, who has been able to access your data.

They have fucked up big time and by rights their data protection team should be investigating as to whether they need to notify your colleagues about THEIR fuck up whilst not naming you.

A sicky wouldn't make you feel any better. You will feel amazing relief once you face the meeting and know what you're dealing with. Just tell them what you said here.

Seriously. It. Is. Not. Your. Fault.

You do not need to be ashamed. You do not need to feel bad.

You DO need to grow a bit of backbone.

You can’t chuck a sickie. Read the thread, it’s nit your fault

The job of the it department/database designers is to make sure you cannot access things you shouldn’t...rather than trust you to know you shouldn’t click on a specific button (even if they’ve told you not to which they haven’t)...

It’s slightly different in nhs where people have to be allowed to search for patients and there’s no way to know who they might know/be nosy about...then it becomes a sackable offence that you are told not to do.

But in your situation it’s definitely not your responsibility to know what you shouldn’t do - the system shouldn’t let you!

Op, WTAF, seriously, WTAF?

I'd also have clicked on it, and they'd have heard me shouting from the rooftops about why the fuck they had screwed up the system and what were they doing to protect employee records.

You have done nothing wrong. Your manager is a fucking idiot. You were given incorrect access and no training.

This is 100 percent their fault. Go in there and ask what they are doing to protect employee data and if they have understood their error.

Surely accessing data about yourself can't be a data breach?

It absolutely can be. NHS staff are not allowed to access their own medical records, for example. If caught doing so they can be dismissed.

Are you reading the comments?

Don't let them pin this on you, take someone with you.

You have done nothing wrong.

On page 4 and can’t believe the poor advice being given.

Never really made a mistake at work before & I have been here 18 months so I should know better.

You need to be aware that you have no employment rights either. So whoever was calling unfair dismissal on page 2 was talking out of their arse, I’m afraid.

This is definitely not your fault OP. The meeting may just be to discuss the situation. You cannot be in trouble for this.

And if they are going to try and reprimand you for something so innocent do not stand for it!

Have a warm drink and get some rest.

Seriously? You have had loads of positive posts and ignored any questions like,do you work for the NHS.

In the nicest possible way; get a grip, go to the meeting with an open agenda (like what I, and many others suggested before) its a non issue with the blame firmly at their door less you work for the. NHS and took a nosey at yours and others medical files.

OP as we have all said if it's as you have described you are not in trouble.

However if you are so worried that you feel sick and can't sleep there must be more to it. What did you actually see? Was it sensitive data such as financial or medical information about your colleagues?

I

My advice (former Data Protection Officer for a regulated company)

Stay calm.
Accessing your own records is not a data breach.
Accessing the records of others (if not in your reporting line) is wrong, calmly explain you realise this and you are sorry. However you clicked on the 2 without giving as much thought as you should have and it was an error of judgement on the spur of the moment.
The company will probably be extremely worried because they should have prevented you from seeing this information - the company is responsible for protecting the information overall.

If they are calm and you get a chance to explain yourself there should be no further action (apart from they protect RED) - but try and remain calm and reasoned.

If they are aggressive towards you, ensure they understand that you believe they have committed a data security breach by not protecting people's data and by not providing you with training. Also stay calm and reasoned - although it will be more difficult.

Also jumping in to say you need to stop worrying. Can’t see how you have done anything wrong.

As a side note, does anyone know if it’s ok for a company to give out to all employees a list of everyone’s name, address, phone and email to all other employees? If it’s not ok now would it have been ok say 4 or 5 years ago?

Accessing your own records is not a data breach.

As has been explained, it absolutely can be.

If you haven't been trained in it before hey give you access and then your details are incorrectly allocated to manager then I'd say THEY are in the wrong.

It's not your fault you didn't know what you were doing....