Active discussions

Meet the Other Phone. Flexible and made to last.

Meet the Other Phone.
Flexible and made to last.

Buy now

Please or to access all these features

Talk
Chat

Join the discussion and chat with other Mumsnetters about everyday life, relationships and parenting.

Original poster

Can I loose my job for breaching data protection?

131 replies

fershuuu · 26/08/2024 16:28

So I work for a company and we provide online learning courses.
Thursday I emailed 300 previous clients asking if they want to take part in another course.
I cc them all in by mistake so they all can see each others emails.
I've had a few emails back from them asking to speak with my manager as everyone can see everyone's email address and saying I've breached data protection.

Can I be sacked for this

OP posts:
InevitableNameChanger · 26/08/2024 22:51

rubeelum · 26/08/2024 21:05

Because the instant nature of email and electronic communications means you’re at risk of being sacked for making a simple clerical mistake. Because there is not one person here who hasn’t made a slip up at work particularly when under pressure. Because - I’m sorry - but revealing someone’s freaking email address should not be a disciplinary offence.

To add to that often the pressure itself to work quickly is created by Outlook. Bombarded by emails day in day out, expected to respond quickly. It never ends. Email has ruined my job for certain.

Show quote history

I actually agree with you

And any DPO should be mindful of that. And certainly the ICO is.

The goal should be for systems to be designed so that it is as hard as possible to accidentally have a data breach, not so that staff live in fear their entire time at work.

People shouldnt be being disciplined for being human and there does need to be some perspective about what is a serious breach.

InevitableNameChanger · 26/08/2024 22:52

InevitableNameChanger · 26/08/2024 22:51

I actually agree with you

And any DPO should be mindful of that. And certainly the ICO is.

The goal should be for systems to be designed so that it is as hard as possible to accidentally have a data breach, not so that staff live in fear their entire time at work.

People shouldnt be being disciplined for being human and there does need to be some perspective about what is a serious breach.

Show quote history

When I run DP training I always tell staff that I have sent an email to the wrong person too. Noone is so perfect that that hasn't happened

Greenkindness · 26/08/2024 22:59

InevitableNameChanger · 26/08/2024 22:48

it's for the DPO to report to the ICO not the op. Op needs to report to her DPO.

Show quote history

Yes I meant OP needs to speak up/report the incident to their manager (or DPO) as soon as possible as the clock is ticking.

Interested in this thread?

Then you might like threads about this subject:

General education
BobbyBiscuits · 26/08/2024 23:04

It is a breach and needs to be reported to your data controller. You say it's 'not the end of the world' but passing on confidential clients emails to other clients, inadvertently or otherwise could of course be very damaging. You simply can't cc, always bcc.
Obviously it was an honest mistake but do not minimise it when reporting to your boss. I'd imagine they'd give you some training and maybe a warning. But everyone makes mistakes so I doubt you'd be fired.
I suppose it also depends what the clients said to your manager. If they will lose business then it could get quite serious.
It does depend on your contract though, and the nature of your discipline procedures.

Rachel1509 · 26/08/2024 23:08

So many sensationalists on this post. Yes GDPR is serious, exposing someone’s email address is possibly the least serious of offences. By all means, express remorse for the error made but let’s not go crazy by thinking the ICO will hang, draw and quarter you. Anyone who is suggesting this that you don’t take GDPR seriously needs to check on themselves - shit happens, be real about its impact though!

InevitableNameChanger · 26/08/2024 23:10

Rachel1509 · 26/08/2024 23:08

So many sensationalists on this post. Yes GDPR is serious, exposing someone’s email address is possibly the least serious of offences. By all means, express remorse for the error made but let’s not go crazy by thinking the ICO will hang, draw and quarter you. Anyone who is suggesting this that you don’t take GDPR seriously needs to check on themselves - shit happens, be real about its impact though!

Agreed. Anyone suggesting this has clearly never actually reported breaches to the ICO

New posts on this thread. Refresh page