Received email not meant for me - GDPR?

[ThatCurlyGirl]

Eek I've received a whole email thread not meant for me.

It's from my accountant but they've sent it to me by mistake as first letter of my name is the same of the recipient he meant to send to.

I read it because we are going back and forth on a similar topic at the moment so initially assumed it was for me.

Usually I'd just let him know and delete but in the thread the other client (that is was meant for) is arranging a repayment plan as a close family member has recently died - it mentions this in detail and specific financial information too.

I have had to do a similar plan and also disclose medical information to agree a repayment plan since my accident and would be cross if my information was shared with another client of theirs.

Especially because we are in a small industry and while I would never dream of mentioning the details to other people IRL, I would be gutted if it had been sent to someone gossipy who then disclosed info to other people.

I don't really know what I'm asking - should I let the accountant know and leave it there? Is this a breach of GDPR? If the other client is struggling with money already would she have any claim to help her out if they were found to have breached GDPR?

Not really sure what I'm asking - I guess whether I should do anything or just delete and leave it completely?

It's a mistake. Just let them know you got it and delete and forget about it.

You could raise it with the ICO where serious incidents are escalated. But most would inform the sender of the mistake and delete the email from both your inbox and trash.

You need to let the accountant know. This happened to me, though I was the victim not the recipient. My entire medical history was e mailed to a random person because they misspelt the email address. All that happened was the company reported the breech to the information commissioner.

Me, the person whose medical history is out there in someone else's hands, along with all of my identifying information, just has to live with it.

Let them know and ask what their policy it. Understand that as humans we do make errors. But you admit reading the letter even when you knew it wasn't for you. Would have been best to stop when you realised and revealed and await and trust their investigation.

I have had this issue at work as I share the same name with someone in HR so our email addresses are very similar - I normally send an email to the sender saying 'hey, be careful, this isn't for me, I've deleted the email and treated it as confidential' (more professionally of course!) Hopefully it will make people check more carefully and won't happen again.

It's a mistake, personal error will happen regardless of GRDP. Just delete it.

It's a mistake. Just let them know you got it and delete and forget about it.

^this

Human error is inevitable. Good systems have checks in place to minimise the risk and/or impact of human error.

So yes, tell them. If it’s an isolated incident that will be the end of it. If it’s happening regularly, that is a sign they need to amend their system. Personally if this happened once I would tell the company, if it happened twice from the same company I would report to ICO.

At the end of the day, they have passed someone else’s confidential information to some random person, and they are fortunate that OP is a fine upstanding citizen rather than a crook who will sell that information on to others who will use it for nefarious purposes.

What you need to do to safeguard data depends on the likelihood of breaches happening, and the severity of the possible consequences if they do.

I would reply to let them know what's happened and hopefully they'll take care that it doesn't occur again.
A social worker once meant to email some reports to her own personal address and sent them to me instead. They were very intimate reports on children and I was completely shocked to receive them. I immediately replied to tell her and she went ballistic at me, telling me to delete them and was just plain rude. If it happened now I'd instantly report her for a breach of GDPR.

You shouldn’t have continued reading once you realised it’s not for you.

Now you need to inform the sender, delete it, confirm to the sender that you’ve deleted it. An accountant will be heavily regulated so should be scrupulously following GDPR reporting requirements once made aware.

Just inform the company, delete the email and get on with you life.
If the other client is struggling with money already would she have any claim to help her out if they were found to have breached GDPR? Everybody is after a bloody compensation claim nowdays.

fgs don't be an arse, just delete it and tell them

So yes, tell them. If it’s an isolated incident that will be the end of it. If it’s happening regularly, that is a sign they need to amend their system. Personally if this happened once I would tell the company, if it happened twice from the same company I would report to ICO.

Mixture of replies but I think the above is the best bet as I think the sender will be mortified, I'll just let the sender know that I deleted when I realised it wasn't meant for me.

@Processedpea

But you admit reading the letter even when you knew it wasn't for you. Would have been best to stop when you realised and revealed and await and trust their investigation.

The email address is only four letters different to mine so I didn't even notice the email address as "to" someone else when I opened it. I am on the same repayment plan down to the penny as it's a monthly instalment plan for their fixed fee so assumed it was a continuation of my very similar conversation with them. And I am on the repayment plan because my accident left me unable to work so the language is very similar "sorry to hear of your stay in hospital" etc. Hence the trail was very similar to mine. As you say, human error I didn't realise right away before scanning it over thinking it was to me. Hopefully they haven't sent other peoples to the wrong recipients too.

I had a seizure last night so maybe with a less cloudy head I'd have realised earlier. I thought it was meant for me until I saw the word describing their family member. I didn't read it for any other reason.

Thanks for your advice.

Everybody is after a bloody compensation claim nowdays.

God I dread doing stuff like this. We've got about 5 clients called Phil and I'm always paranoid I will send it to the wrong one.

Inform the accountants and hopefully you might get a bit knocked off your bill :-)

Report it to them, they need to record it. But there's no need to involve the ICO unless you feel they don't take it seriously. It's human error, but they should be recording the incident and learning from it nonetheless to prevent bigger incidences from happening.

Deleted it right away and have now let sender know. Sorry if anyone feels I've acted poorly here, with all the GDPR talk recently I just wanted to know the right thing to do.

Anyway all sorted now so nothing else for me to do.

Thanks again.

This happened to me, but I was the sender and it was back in the day when things were done on paper. I can't describe the feeling of absolute horrified sickness and panic I felt when I realised, it was awful. The kindness of the receiver in personally coming to my workplace, handing it over and saying, "not for me but don't worry, I haven't read them" overwhelmed me and I cried with relief in the toilets! I told my line manager but I don't think it went further. And I never ever made such a stupid mistake again. Hopefully the shock of realising what they've done will be enough to stop it happening again.

When you report it, check if they have sent your details to the other recipient...?

Would you like to be reported for making a genuine error at work?

Tell them not least because if you received the email the intended recipient didn’t . And then delete .

getback- it happened to me as the 'victim'- my solicitor sent out conveyancing docs with mortgage offer details etc. to the vendor of the house I was buying (who then opened it in error). The vendor let me know and I then let the solicitor know.
I took the docs back personally as they needed signing and returning- and I was passing- and the poor solicitor was nearly in tears over it. I was never going to consider taking it further.
I think it is really quite mean to report things like this tbh.

Would you like to be reported for making a genuine error at work?

But that error could have serious implications for the victim.

Companies need to have systems in place to protect sensitive information.

The company that sent out my records in error password protected the document. Great you would think. Except that they e mail the password out. So the document and password were both sent to the incorrect email account.

Apparently now the send a test email first, then send the document and text the password.

Also consider whether the other or any other person may have received information intended for you.

Mistakes happen. The information commissioner may slap them on the wrists but unless this is frequent nothing will happen