I have received someone's disciplinary letter by email by mistake............

[Nailgirl]

So I've just opened my personal email account.
It is clearly Nail Girl @ gmail or whatever.

The email says "Dear Nail, as discussed details of the disciplinary for next week etc -see attachments" from Joan (insert another name).

Panicking -I hope the attachments as of course my first name is Nail.

Except this is a whole different person, name, address, medical details, and documents, OMG.

The email is signed off to her "best wishes for your wellbeing".

Not my company etc. -OMG.

I've emailed them back and said "Nail Girl is not Nail BonJovi -as should have been obvious from the email address. I suggest you contact Nail Bon Jovi pretty sharply and tell them that her confidential disciplinary stuff was sent to the wrong email. Obviously I opened the attachement due to the informal tone of the email that addressed me by my first name.

I will be printing off these documents tonight and posting them first thing in the morning to her address.

I asssume that this would be the right thing to do.

I find this thread interesting as I work in HR.....printing our and sending on to the individual is wrong and could make the individual even more distressed....receiving the information from a random stranger.

I usually send a test email to the individual and respond to that.

My organisation would report it to the ICO if required. I can see that individuals who don't deal with thus stuff on a regular basis really think it's a huge breach...the cases you read about where national insurance numbers, medical information and bank details are leaked are the ones that up there for the ICO.

Whilst it shouldn't have gone to the wrong person...the employee will not duffer a detriment as a result.

The individual knowing will not help their disciplinary case...they'll be told the matter has been reported as required....any action taken against the individual who sent it as far as disciplinary action would be confidential.

@PegasusReturns

I mean, it's unlikely that a prosecution would take place, but the point is that it is an offence.

Only and offence if the facts bring it within the scope of the Act as set out in s4....

Anyway I’m out. I’ve offered advice in good faith, the rest of you can continue linking to statutes that you don’t understand.

That's a shame. I would appreciate you providing further explanation, always willing to learn!

@movingonup201 you and another poster have referred to s170 and I have invited you to look at the scope of the same Act. I have referenced the specific section to look up - I’m not what else you’re looking for.

If you think that is rude and arrogant then so be it, it’s not my job to do your labour. You’ve come on a thread making wild assertions about the liability that a real person who has posted for advice might incur.

Does it not occur to you that might be distressing for the OP?

@ Pegasus returns
The op sounds like she wants drama in her life.

@PegasusReturns wild assertions? I have said if she does not delete the email it could be a criminal offence, how is that wrong? You're saying this case isn't within the scope of GDPR or DPA but how do you know that? If she works for the same company which is what I thought when I first posted then I don't see how it wouldn't be in scope? If she doesn't then I have apologised for my potential mistake (as I am uncertain as to whether it is in scope if she does not work for the breaching company, I already put my hands up to not knowing that) But no I really don't think the Op is "distressed" I think she is about to make a relatively small data breach much worse if she does not pause and listen to us.

Not sure how reliable this site is:

"Individuals can also face fines for GDPR violations if they use other people’s personal data for anything other than personal purposes."

myicaas.com/business/what-are-the-gdpr-fines-and-penalties-for-non-compliance/#:~:text=Individuals%20can%20also%20face%20fines,turnover%2C%20whichever%20is%20the%20greater.

Ffs. Just delete the email.
Get a life.

A wise woman once said: before you jump in to defend someone, 1st make sure you are not interrupting their karma.

It's interesting so many on here have already decided the intended recipient is a poor victim being ousted by her evil corporate bosses.... what if the opposite is true and this person is an absolute nightmare facing well earned justice?

The fact is, you don't know what's going on and you don't need to know. It's none of your business to intervene and due to robust employment laws it is actually REALLY hard to sack anyone unfairly without cast iron evidence. The fact the company are going to the trouble of an official disciplinary is proof of that and actually, a data breach on their part will only be relevant if the person concerned is being disciplined for a massive data breach and in most cases of this, if it was that bad it would bypass disciplinary and be instant dismissal.

You've emailed them back now stay out of it.

reply to say sent in error and delete.
I was once sent details of someone's new identity change for release from prison.

Yes send it. If theyre being sloppy while disciplining someone the someone deserves to know.

you don't know whether the address details are current and correct and you have no idea if the information will end up with the correct person

Exactly. And if the postal address is wrong then you've just compounded the issue and put yourself at risk of accusations/complaints.

OP, you've said you've told company and will tell ICO. That is right, and all you should do.

Movingonup21 . No need to be bad tempered and somewhat condescending “ of course people want to know” yes that is why I wrote that 😂. Also noted by Pegasus that you movingonup21 “You’re misunderstanding the law and circumstances and misrepresenting the position. It’s not helpful on a thread where people are already frothing”

I hope this gets sorted in a way that suits the person whose confidentiality was broken. That is all .

@Twinkled I haven't misunderstood the law or the circumstances, why are you quoting someone else's post when you've demonstrated you haven't a clue what you're talking about? I know the law very well, have acknowledged the gap in the circumstances with the limited information we've been given and seeing as Pegasus hasn't come back to demonstrate how I'm wrong despite asking her to do multiple times to explain why she thinks this is out of scope which she hasn't, so no I'm not going to concede I'm wrong.

OP, report it, delete it, that really is all that needs to happen, the process of the law will handle the rest.

Over and out.

This is so not OP's obligation to sort out.
Only get involved if you want to make it your problem.

How did they get your email address tho ... only spammers do that !

@movingonup201

If she works for the same company...then I don't see how it wouldn't

But she doesn’t work at the same company. She says that in her OP

I think if you print them etc you’re also in breach. Report to the ICO instead and tell them that’s what you intend to do (this forcing them to tell the employee).

Print them and send them as you first thought, you level the playing field that way

They have committed a breach of legally enforceable data responsibilities, that is extremely serious and should not be covered up
Unforgivable, and somebody should pay for including compensation for the victim

Amazed by all the patronising "calm down" responses from the people claiming to be Data Protection people and actual Lawyers.
Do your jobs.

I think you're doing the right thing Op - serious breach of GDPR so the person has a right to know and also inform the ICO.

If it's a legit government email I would have thought there would be information at the bottom about what to do if you've received the email in error. Usually something along these lines: "This email is private and confidential and may be legally privileged. If you have received this email in error, please send it back to us, and immediately and permanently delete it. Do not use, copy or disclose the information contained in this email or in any attachment."

@SOboredofcleaning

Ffs. Just delete the email. Get a life.

They have committed a breach of legally enforceable data responsibilities, that is extremely serious and should not be covered up
Unforgivable, and somebody should pay for including compensation for the victim

What loss has the 'victim' incurred that requires compensation? Even if ICO determined that this was a serious breach (which they wouldn't), the company gets a fine. It doesn't get paid to the person whose data was breached. There will be no compensation!

Def print it if and send it to the person. They will want to see it. It maybe that disciplinary is not warranted and trying to push out unfairlly.

because I quote someone else does not mean I do not understand doh . IT is because I cannot be bothered wasting more time on your banal comments. It is you that does not understand . Good luck with that