will I get suspended from work?

[redrose80]

NC so not identified and will change a few small details again so not to be identified.

I have been off work with anxiety for 3 months now due to bullying behaviour, all of which I can evidence in a very thick folder of emails I've printed out.

I have been getting lots of panic attacks due to the horrible behaviour and I'm not the only one who is being bullied, again which I can evidence.

I still had access to work emails, shared drive, intranet etc and used my time off to gather more evidence - email exchanges, examples of reports I had done that my manager has been taking credit for etc.

My union rep had told me to gather all the evidence I could for my grievance - which I submitted 2 months ago yet still don't have a grievance hearing date.

However, whilst gathering evidence, I totally accidently came across a large patient file on the shared drive. It has very confidential information which I won't go into obviously. It is not the NHS though.

I immediately reported it to the DP officer. The document has now been removed. This was 2 weeks ago.

Yesterday I got an email (to my personal account) asking me to meet on Monday with the area manager and an HR business partner. My union rep is coming with me.

Yesterday I discovered that my access to work emails etc has been blocked.

I am now utterly terrified of what is going to happen on Monday. Will I be suspended?

I haven't done anything wrong, I didn't go looking for that document, I was only looking for my own files. But they could turn it around on me couldn't they?

My union rep says I've done nothing wrong and they shouldn't be blocking my access but I am very scared.

I really need some hand holding and some advice from anyone who maybe works in HR, legal areas, in a union or what.

Oh and they say they've reported it to the ICO but I can't be sure that they have and there was no 72 hour patient notification that I could see either.

I've tried to keep this non identifiable so please don't out me if you recognise my story and apologies if I am vague in any follow up replies.

One other thing (apologies if you know this/have already done it) but you could also do a subject access review - so anything that's been written/recorded about you has to be sent to you

here's more about it

That could also add to your body of evidence.

Sorry you're going through this, I'd imagine it must be a horribly stressful time for you, which you don't need on top of the bullying

That's not necessarily true @Birdsfoottrefoil

You can be asked to attend disciplinary meetings when off sick - being unable to work doesn't mean you're unable to attend those meetings.

m.acas.org.uk/index.aspx?articleid=5629

"With long-term sickness absence, the employer still needs to consider the employee's right to put forward their case and balance that against the organisation's needs to carry out the procedure without unreasonable delay.
Although an employee may be off sick, he or she may still be able to attend a disciplinary hearing - and employers should consider making reasonable adjustments to facilitate this. This could include visiting the employee at home or meeting in a neutral venue.
If the hearing can't be postponed until the employee is well enough to attend, then the employer can, in exceptional circumstances, go ahead with the hearing in the employee's absence."

It's possible they've blocked all remote access for everyone while they resolve the issue and check it's a one off. So it's nothing to do with you being off.

That's the first thing my company would do in this situation.

That said I'd have a lot of questions to ask if an employee who'd been off sick long term was trawling through files while off. Email wouldn't concern me too much cos of the whole keeping in the loop thing, but files is a different matter.

Also a lot of companies have rules against storing documents anywhere other than their secure server. So moving things to your laptops hardrive, paper or a usb drive for the grievance could be breaching this.

Osirus
Assuming this is another op as iirc that one found files whilst at work.

Have a look into your employee handbook to see if that area is covered. Accessing and searching through the files whilst you are on long-term sickness might in there.

It honestly doesn't put you into a great picture if you are too ill to reply to emails but well enough to clearly build a file against work!

At least you might be the one reason they can use to block access from people who are away for more than a holiday.

This bit stands out to me:

Oh and they say they've reported it to the ICO but I can't be sure that they have and there was no 72 hour patient notification that I could see either

If you’re off sick then you shouldn’t be looking at things like this. You reported the breach and should have left it at that. You have obviously gone back on afterwards to see whether there was a notification.

I only say this as at my work we are only allowed to access information/records if there is a business need. I would be disciplined if I logged on and looked something like this up whilst off sick.

I think you should not have been checking your email and using the system. You’re not working, and I think they could argue that that fact removes your authorisation to view the system. You don’t have a genuine business need to view those records.

It’s one thing accessing your email once to gather some evidence to support your grievance, but trawling through the system and checking up on things as if you are working is not on - especially where you have patient confidentiality issues to consider.

There are strict timings for dealing with grievances. Speak to Acas.

Revoking your access is probably a result of the data breech. You’ve mentioned that people off sick don’t have their access revoked, but they have likely changed their policy BECAUSE of the breech. Makes sense.

I know how awful a bullying, toxic work environment is. I won’t go into the details because I will be here allll day but I found myself in a similar situation. In the end I made the very tough decision to quit on my own terms and take the company to tribunal. I had no savings lined up, and I was extremely lucky to get by with selling bits on eBay until I got a new job 4 weeks later.

It was the best thing I ever, ever did.

Good luck!

I’m sorry you are going through this. I had a similar experience some time ago, I got a new job with much nicer people afterwards. You will feel much better working in a different environment

sorry, I was in the shower

I can't access any grievance, sickness or IT policies now but from memory there is nothing about accessing / saving documents remotely whilst off sick or on annual leave.

I was told by my union rep (and ACAS) to gather evidence whilst off sick to support my grievance - things like email exchanges, and evidence of my work.

I know that there has been no patient notification for reasons I can't go into as it identifies me but doesn't involve any wrong doing.

The patient file is not the only data breach here. Information concerning an employee is being downloaded from the system and stored in another employee’s home in a paper file. How does the law balance the rights of individuals to gather evidence of bullying with the rights of the accused bully?

someone at my work got her laptop taken off her as she kept accessing work stuff when off for an operation recovery went on for a long time), there was no warning etc but they did it for her own good (workaholic).

I think you will be okay as the document was stored in a shared drive wrongly, it's not like you were accessing patient records on the system.

@fancyapint

That's the thing, it should never never NEVER have been stored on a shared drive.

What I saw is really personal and distressing. Think of the most vulnerable health situations and safety situations. It's just awful.

I'd never in a million years share what I saw but other colleagues might have seen it and not said anything and kept the info?

Didn’t you post this a couple of weeks ago? I see that you’ve changed a few details today, but the basis of the story is the same.

Unfortunately, no one here can ultimately confirm either way if you’ll be suspended, as we don’t know your employer or its policies and procedures. You may wish to consider posting in the Employment section which tends to attract employment experts as I fear you may get a lot of opinion in AIBU that might not necessarily be helpful to you.

This is really similar to a thread a few weeks ago. OP off on sick leave looking for information about a grievance, found a spreadsheet with sensitive information about herself and other employees. The OP then saved her own copy and allowed her husband access to it. If this is the same person and the company have found evidence that the file was saved, that could be a reason for action I would guess.

I did not keep any copies or share with anyone.

This is the first time I've mentioned this

Being unfit for work doesn't mean being unfit to check emails (but not respond).

Except that it does. If anxiety is keeping you off work, checking emails certainly won’t be good for your mental health. Any emails about your grievance should come to a personal email address or be done by letter if you are off sick.

Our company will shut you down if you work whilst sick, as they should.

What I saw is really personal and distressing. Think of the most vulnerable health situations and safety situations. It's just awful.
You were snooping. You shouldn’t have read it. Don’t pretend you had to, to know what was in it. If it wasn’t your work, you had no reason to open it, but once you did, when you saw it wasn’t your business, you should have closed it.

I can't access any grievance, sickness or IT policies now but from memory there is nothing about accessing / saving documents remotely
Whether off sick or not, any decent system will flag up unusual activity. Opening and saving large numbers of documents from the system can lead them to suspect you are stealing company data.

I’m not sure why “gathering evidence of work” would be anything other than saving a couple of files. You did way more than that, which is a red flag for IT.

I know that there has been no patient notification for reasons I can't go into as it identifies me but doesn't involve any wrong doing.

Identify you? That sounds unlikely. You've continued to look at things not your business. Company know it and have shut you down.

I have no idea if they will suspend you, but it sounds as if you have given them grounds to be suspicious.

So my view as a hearing manager:

They may have removed everyone’s access when you reported the breach and they have removed your access as a duty of care as you mentioned anxiety and bullying in your grievance (as you’re off sick and they want you to get better)

I can’t see any reason they would suspend you if you’ve used your access in an appropriate way (which it seems)

Have they invited you to a hearing? Perhaps the meeting is a last ditch attempt at resolving matters informally.

It sounds like you’re going through a really difficult time, my advice would be to think about what a good outcome would be and make sure the HR rep knows about this. Please make it realistic also, many people bring grievances thinking they will get others sacked, in my experience it happens very seldom.

Do you want to return to work?

If you are too ill to do your job how are you well enough to be logged onto work files finding evidence for your grievance

Its pretty standard for most places with secure remote access for people to keep in touch or respond when off sick. Can't think of a single one of my clients where I've ever heard of it being blocked.

If you don't like working there move on

And do nothing about the bullying culture? Just leave it unmentioned for the next victim? And if the bullying causes long term MH problems then its a workplace injury just as it would be if someone broke a leg falling over poorly organised equipment.

The data breach is a fault by the company innappropriately storing sensitive data, not the OP, unless it can be demonstrated they were seeking patient information.

But yes this is remarkably similar to a thread a few weeks ago. That said, being off with stress is not uncommon in some organisations.

I think @Yabbers middle point has it and that may well be why you’re worried about this. I also can’t see why you’d access it if you were looking for reports you’d written as per your OP.

What I saw is really personal and distressing. Think of the most vulnerable health situations and safety situations. It's just awful

I suspect they can see how long you accessed it for. If you opened it by mistake it would have been shut within seconds. How could you know so much detail if you did that? That's likely the reason for the meeting as it doesn't look good if it wasn't open for more than a few seconds.

I agree with IceCream here.

You read on long enough to know it was really personal and distressing and that it contained information on the most vulnerable health and safety situations.

In other words, you knew you were reading a file that you shouldn't be, regardless of whether you accessed it by mistake or not.

You reported a breach of personal data. They have to report this to the ICO. They're not reporting you, they're reporting themselves for allowing the breach.

While they're investigating the breach, the sensible thing to do is to block access. If you've got access to on document, how many other documents have you access to? It doesn't matter how honourable you are, they have a duty to other patients not to leave open an insecurity. Look at it from the other side - if someone said to you "your personal information can be accessed by one of our home workers, but don't worry, she's perfectly trustworthy and I'm sure she won't read it" - how would you feel?

None of this is personal. Take advice from your union rep, and try to worry a bit less.

@redrose80 yes that's my point you didn't access the computer system to look at this person's records you randomly came across it becasue it was wrongly on the shared drive therefore not your fault, if anything it is very lucky you found it so it could be removed, you took appropriate action.