I have done something really bad at work. Meeting tomorrow to discuss it. So so ashamed and worried.

[daytimemom]

I am so ashamed. I have done something unforgivable at work. My stomach is churning. Just checked my work emails from home and saw one from my manager saying under no circumstances must I access a work database (will call it RED) and we will be having a meeting about it tomorrow.

RED is a new database I have just been given access to. It is an appointment booking database for work colleagues. Last week I was playing around on RED trying to work out how to use it as I needed to make an appointment for a colleague. I noticed I was down as a manager for a couple of colleagues on RED (I don’t manage anyone) so clicked on these colleagues names to see who they were. It brought up confidential info on them like address and date of birth. Accessing these colleagues details was my first mistake.

My second was clicking on my own name, I wanted to see what it said ie why I was down as a manager & in all honesty I was curious.

So by accessing my own record I have breached all our organisations information governance policies. I know it was wrong and I don’t know why I didn’t think about this at the time. So so stupid.

I now feel sick to my stomach. I am on probation so they could just sack me. How will I get another job with this on my record I know I have done something unforgivable but I don’t know how I will be able to cope with this

Also, stop being so angry at yourself. You haven't let anyone down, you weren't purposefully trying to look at people's info, you would never reveal or discuss anything you saw or use it maliciously.
You tripped into something, it's like overheating a private conversation by accident, hardly your fault

Looking at your own records isn't a data breach. Looking at others will be.
Actually in a hospital it is. I cannot access my medical records without a formal request like any other member of the public. It's taken very seriously.

Also in the financial services industry, also in HR/payroll, DVLA, HMRC, local authority, DWP.......

You were given access and were clicking around trying to figure out how to
Use the new system.

It wasn't you who loaded confidential information on the system and then gave people access to it.

Totally not your fault.

You have not messed up, they have!

Stop using these words ashamed etc about what’s happened. You logged on with your own login and password, not someone else’s. The fact that some employees are assigned to you is their fault not yours.

I would not be going in acting as if it s your fault, it is not. The system has not been set up properly. Do not take any blame for this.

A well set-up system will not allow you access where you shouldn't have it.

(I'm not happy about blaming the DB manager without evidence, though - they may be giving access as requested by others; I manage user access for thousands of uses, and I have to rely on other people requesting the right access for their job role, because I can't know what every individual does.)

Do try and get some sleep - things will be harder to deal with if you don't rest

I don't want to derail the thread but could someone please explain how accessing your own medical records, even as an NHS employee, is a data breach? Surely you have a right to see your own medical records?

OP, as many others have already said, you have done very little here that could be worthy of any sort of disciplinary for you. Hope all goes well this morning and you managed to get some sleep.

Lemon - you do have a right to see your medical records but only in a controlled way, i.e. via a Subject Access Request. This has to be reviewed by a doctor before the information is released as it’s not always appropriate to see everything that’s been recorded. Rightly or wrongly, information can be withheld.

Thanks Elle. I thought maybe that was it. I deal with SARs at work but in terms of child protection so I can withhold info that would put a child at risk but not much else. I didn't think that would apply so much to personal medical records!

Dont let them put it all on you.

Why are you ashamed. This is on them not you and I think you are massively overthinking the outcome.

If they were confidential they would have been inaccessible. They weren’t.
Say that this is what you presumed. In retrospect you realise that this isn't the case, but at the time that was your thought process.

If you go in (mostly) confident, but ready to admit that you know it was a mistake, then they should accept that that was all it was. They shouldn't have enabled you access, and provided the training necessary for you to realise what opening those links would reveal. It would be helpful if you make a note beforehand of the names you did click on. It's unlikely that there's any actual record and that 'IT' or whoever have just realised themselves that they've set you up with the wrong access. They will want to be confident that you haven't copied/exported the data at all. 18 months is a long time to be on probation... you do at least have a lot of good history there (not just a month or two!).

Let us know how it goes OP. Hopefully it's just a misunderstanding and the meeting is because they messed up!

Not your fault.

I don't want to derail the thread but could someone please explain how accessing your own medical records, even as an NHS employee, is a data breach? Surely you have a right to see your own medical records?

If you make an appropriate request like everyone else, yes. Accessing it because you have access as an employee is an abuse of position and can be gross misconduct. (Have not long fired an NHS member of staff for just that.)

I have access to all of the employee information for the organisation because I work in HR. If I start rooting around the payroll system/employer files to see where the Chief Exec lives and what he gets paid I can and should be disciplined for it. Just because I have access doesn’t mean I’m entitled to use it as I want to.

It's not just the NHS. If I looked into my HR records at work without formal permission, I'd be risking the sack, too. Sometimes I think about requesting permission just out of curiosity.

I did cover that higher up.

If you worked in a banking call centre and looked at your own records you’d be fired too.

It’s not out of the ordinary to not be allowed to access your own/colleague’s data even if the system allowed you to.

If you work in a bank you have access to every account, but youre not allowed to view your own/relatives/ colleagues without good reason ie serving them. Same for eg social housing. You wouldn’t be allowed to snoop on tenancy accounts of people you know, even though you have full access.

There’s many other establishments that this would apply to. In my experience atleast, it’s always been considered gross misconduct (whether or how you get caught is a different matter though!)

We’ve all made mistakes but the OP didn’t do it accidentally, and she knew she shouldn’t regardless of who else made mistakes in granting access.

If you put in to physical terms, think if someone left petty cash around and a colleague borrowed it. Yes, the person who left it out would be in the wrong, but that doesn’t mean the person who took it is faultless.

OP your saving grace maybe that you didn’t receive training, and you were left to your own devices, so I do hope things work out.

But a pp mentioned unfair dismissal, in the worst case scenario. I don’t think this would apply if you’re only on probation, especially.

But a pp mentioned unfair dismissal, in the worst case scenario. I don’t think this would apply if you’re only on probation, especially.

It wouldn’t because she has less than 2 years service. Passing probation may provide contractual benefits but is a red herring where employment rights are concerned.

(Which is why getting employment law advice from the “chat” part of this forum isn’t a good idea!)

Any update on the meeting OP? I hope you went into work and didn't skive off to avoid it. I think that would put you at much greater risk of losing your job, especially if you are new and still on probation.

Update: got into work, manager said she’d had an awful day at work yesterday over RED. I waited for her to say it was because of me but IT WASNT. She said she had been trying to book an appointment on RED for the same person I had been trying to book (hence playing around on the system, noticing I was down wrongly as a line manager for people, clicking on the user guide etc) and when she contacted the RED manager for help explaining how I had also had problems using the system the first thing RED manager said was:

“Why on earth does daytime mom have access to RED” line manager replied “she needs it for her job and you gave her access”.

My manager explained to RED manager that I had been using it last week trying to work out how to book an appointment. This resulted in RED telling my line manager that I should not have access to it, should never have been given access to it, and to not let me access it again. My line manager who also has access now has to request permission to access RED.

I told line manager about me being down as a manager & I said I had clicked on the names and my own name to figure out why. She was very understanding & said no blame was being apportioned to me.

I am so relieved but have learnt my lesson.

Thankyou all for the support. Will sleep better tonight.

A great update OP!

So basically what everyone on the thread told you then

Glad it’s sorted, have a big cup of tea to celebrate.

Good news. See how everyone was right?