I have received someone's disciplinary letter by email by mistake............

[Nailgirl]

So I've just opened my personal email account.
It is clearly Nail Girl @ gmail or whatever.

The email says "Dear Nail, as discussed details of the disciplinary for next week etc -see attachments" from Joan (insert another name).

Panicking -I hope the attachments as of course my first name is Nail.

Except this is a whole different person, name, address, medical details, and documents, OMG.

The email is signed off to her "best wishes for your wellbeing".

Not my company etc. -OMG.

I've emailed them back and said "Nail Girl is not Nail BonJovi -as should have been obvious from the email address. I suggest you contact Nail Bon Jovi pretty sharply and tell them that her confidential disciplinary stuff was sent to the wrong email. Obviously I opened the attachement due to the informal tone of the email that addressed me by my first name.

I will be printing off these documents tonight and posting them first thing in the morning to her address.

I asssume that this would be the right thing to do.

It’s a breach of GDPR and will have to be looked in to.

*I will be printing off these documents tonight and posting them first thing in the morning to her address.

I asssume that this would be the right thing to do.*

I work in data protection and this is absolutely not the right thing to do. The only thing you should be doing is reporting the error to the company and deleting the email. The rest is up to them.

Also, this isn't a major data breach, for those overreacting on this thread. Human error is exactly that, this kind of thing happens. Not ideal by any means, but it doesn't demonstrate any major systemic or process failing on the part of the company, so even if you report the incident to the regulator (presuming you're in the UK, the ICO) they're very unlikely to do anything.

Whether the company choose to tell the colleague what happened or not is also down to them and whether they consider that there's any particular action the individual might need to take to protect themselves as a result of the breach. So for example, if a retailer experienced a breach of payment card details, they'd almost certainly tell affected customers to give them an opportunity to cancel the cards.

Most emails from businesses contain the following message...

"The information contained in this communication is privileged and confidential. The content is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by telephone or e-mail, and delete this message from your systems."

I copied and pasted that from an email I received today. I don't think you should be printing and posting it.

Ffs. Does everything on here have to be such a “thing”??

Reply. Delete. Job done.

I work in a large law firm. Sometimes these mistakes happen. We have processes to deal with them. No one is “disciplined” for accidentally typing an incorrect email address, for goodness sake. And for the record, we always tell the affected individual and we don’t hush anything up.

As for “she has a right to know” - dry the fuck up. You don’t know this person. She might be a poor innocent victim. She might have her hands in the till to feed her eyeliner habit. Not everything needs to be a fucking crusade.

Listen to rottiemum88 - they know their stuff!

I would forward it to the correct person.

This is a massive, massive breach of GDPR! They deserve to know.

@rottiemum88

*I will be printing off these documents tonight and posting them first thing in the morning to her address.

I asssume that this would be the right thing to do.*

I work in data protection and this is absolutely not the right thing to do. The only thing you should be doing is reporting the error to the company and deleting the email. The rest is up to them.

Also, this isn't a major data breach, for those overreacting on this thread. Human error is exactly that, this kind of thing happens. Not ideal by any means, but it doesn't demonstrate any major systemic or process failing on the part of the company, so even if you report the incident to the regulator (presuming you're in the UK, the ICO) they're very unlikely to do anything.

Whether the company choose to tell the colleague what happened or not is also down to them and whether they consider that there's any particular action the individual might need to take to protect themselves as a result of the breach. So for example, if a retailer experienced a breach of payment card details, they'd almost certainly tell affected customers to give them an opportunity to cancel the cards.

This is what I'm going to do. Company already knows. ICO will know in the morning.

I was only going to print off the emails and post them to her -so she was aware. The email address is genuine.

I work for a government body and have been through a disciplinary, grievance process and legal claim this year.

I would 100% want to know about this and I would not trust my organisation to let me know.

OP should definitely tell the other person.

God how empty must some people’s lives be to make such a drama out of something so painfully mundane

@SixesAndEights

I would forward it to the correct person.

This is a massive, massive breach of GDPR! They deserve to know.

Have a look at the ICO website under recent enforcement action, it'll blow your mind...

I’m a softy though and I’d feel sorry for the person that sent it and just delete it 😂

@KittyLuna

God how empty must some people’s lives be to make such a drama out of something so painfully mundane

Absolutely this

Also to those saying that knowing about it will help the employee’s disciplinary case are barking up the wrong tree entirely.

Just because the email looks legit, doesn't mean it is, emails can be hacked, intercepted and spoofed.

Don't print the documents and post them, if it is a genuine email, you are just compounding the data breach. You have no reason to post them, you don't know whether the address details are current and correct and you have no idea if the information will end up with the correct person.

It is not your responsibility to send the documents to the correct addressee, that is down to the company who sent it. If you do speak to the ICO tomorrow, I am 100% certain they will tell you to not send the documents anywhere, but to inform the company who sent them that you have received them in error and then to delete the email. Don't forget to also delete from your deleted item so a copy does not remain on your laptop/phone.

@GrumpyHoonMain

This is a known scam. Report it to Action Fraud and if someone replies asking you to put your details in a ‘registry’ don’t do it

I've googled and can't find anything about this particular one?

I do not think that printing and posting the files is the right thing to do. If I were the intended recipient I’d feel terrible to receive such a package, and to know that someone else is now privy to my transgressions. You will just make things worse. You need to contact the sender, delete the files and leave them to sort out their mess.

I was only going to print off the emails and post them to her -so she was aware. The email address is genuine.

If you are determined to contact the person, don't print off the emails, just send a letter listing what you have received without actually sending the documents.

That way if the address is current and correct the person will know that a data breach has occured, but won't have her personal details and sensitive medical data being posted out.

@Feministicon

I’m a softy though and I’d feel sorry for the person that sent it and just delete it 😂

Normally, I would too, but this is a disciplinary and I feel more sorry for any employee going through that.

I would make damn sure she knew how the company she worked for had breached the data protection act.And advise her to contact her union assuming she is in one.

This cones under copying and distributing information and that is an offence. Do not send this on!

I’m intrigued as to what it is you think this will bring to the employee’s case. Do you think she’ll go into the disciplinary meeting and say “paha! I know your secret!” and they’ll say “ah you got us. Bang to rights. Run along, you cheeky scamp”

@Gwenhwyfar

" if it was me I’d rather NOT know someone else had read all about my disciplinary."

It could help with the disciplinary though. The person being disciplined will now have something over the people disciplining her so I'd want to know.

She might be an absolutely appalling racist/ homophobic/ bully - you have no idea why she's the subject of a disciplinary.

Would you really want to give someone like that ammunition?

Gosh, so many drama llamas in this thread. Don't you have ANYTHING better to do with your time OP? It is not your role to print out and send. In fact, you might be committing a breach yourself if you do that. Did you continue to read all the juicy details after realising it wasn't for you? If not how did you see the medical stuff? If you did continue reading there's some hypocrisy there. You know nothing about the background circumstances of this disciplinary. Delete the email after reporting it to the company. These things happen and they will have a policy on it.

It sounds as if you don't know the intended recipient at all (and any details you saw are only because you opened the attachment). Therefore in practical terms, no real damage has been done - it would have been much more of a problem if you were colleagues.

Yes, whoever made the error really ought to be given a warning for doing something so potentially problematic - another time it might be a colleague rather than a random stranger.

However I think it's not worth causing additional stress to the intended recipient by letting her know what has happened.

So I think replying to the original sender saying that she used the wrong email address, and that she might want to be a lot more careful in future - fortunately no harm done this time and you have deleted the email.

You were perhaps rather too hasty to open an attachment when you didn't recognise the situation described in the body of the email. Apart from anything else, it could have been a phishing email...

Much as this is probably a breach, how do you know that Nail Bon Jovi hasn't given an incorrect email address to her employer?

Everything @KittyLuna said.

What a massive waste of drama time for someone you don't even know. Jesus.