I have received someone's disciplinary letter by email by mistake............

[Nailgirl]

So I've just opened my personal email account.
It is clearly Nail Girl @ gmail or whatever.

The email says "Dear Nail, as discussed details of the disciplinary for next week etc -see attachments" from Joan (insert another name).

Panicking -I hope the attachments as of course my first name is Nail.

Except this is a whole different person, name, address, medical details, and documents, OMG.

The email is signed off to her "best wishes for your wellbeing".

Not my company etc. -OMG.

I've emailed them back and said "Nail Girl is not Nail BonJovi -as should have been obvious from the email address. I suggest you contact Nail Bon Jovi pretty sharply and tell them that her confidential disciplinary stuff was sent to the wrong email. Obviously I opened the attachement due to the informal tone of the email that addressed me by my first name.

I will be printing off these documents tonight and posting them first thing in the morning to her address.

I asssume that this would be the right thing to do.

If I'm reading your update correctly, OP, you are going to delete. Good
Another experienced GDPR person here and you must not print off and forward. If they got the email address wrong, the home address may be wrong, too - then you have shared inappropriately!

Reply to sender advising of breach. The sender will do an online assessment to identify whether it is a reportable breach to ICO and they have to maintain a breach log and report on annual assessment.

ICO are more interested in sensitive health / financial info getting released and in high volumes or individuals accessing others info inappropriately - check out enforcement page on ICO.

I also think you should not have even opened the attachment- could be malware and we regularly get genuine email accounts hacked so it is possible. If you're not expecting a disciplinary letter, your nosiness made you open it!

You should absolutely not print the docs off.

DH has received a scam email this week entitled 'Re your disciplinary hearing'

Also aside from the data issue you know nothing about that person's home circumstances. I wouldn't go merrily sending such info in the post to them knowing nothing about the impact of that or who else might open or read her post and the implications that could have.

It's a scam.

I feel a bit sorry for you OP. For being naive enough not to suspect this is a scam or an attempt at getting malware onto your device; and for being sad enough to print it off and post it and kid yourself that it's the dutiful thing to do.

Similar happened to me today. I was sent an invoice which displayed very personal details. I replied saying this was sent in error and that I had now deleted. It was a mistake, no big deal. I don’t want to ruin her career. Just do the same imo

@KittyLuna

God how empty must some people’s lives be to make such a drama out of something so painfully mundane

It’s extraordinary, isn’t it. Why such glee at an error? I’m

I will be printing off these documents tonight and posting them first thing in the morning to her address.

I asssume that this would be the right thing to do

Is there a full moon tonight?

Oh FFS get a life and stop being such a self righteous shit stirrer!

This is a major GDPR breach of that person’s sensitive data

You need to let the sender know if this breach (which you have done). If you’re concerned about the person knowing what has been sent, contact the information commissioner to let them know. Ask them if it’s ok once reported for you to delete.

I would email back and delete.

I can imagine feeling vaguely embarrassed to find out someone else knew about my disciplinary - but tbh a stranger knowing about my, a completely non-famous and not-in-a-position-of-power person details like this? Who cares?

I think you’re making a mountain out of a molehill and loving the potential drama you’re stirring up.

In our GDPR training it was made clear what our responsibilities are. In this instance you should inform the sender AND your data protection officer.

OP does not work for this company, she has no responsibility to do anything in particular.

Most emails from businesses contain the following message.....

I end all my emails with a message saying the recipient must send me £20. Sadly that seems to have as much validity as those boilerplate data messages.

I m not a lawyer, but my understanding of GDPR is that if OP prints off the documents she too commits a breach of GDPR because she doesn't have the data subject's consent.

GDPR doesn't apply to individuals, nor does it apply to unsolicited information you are sent. It's about how organisations collect and process data.

Normally I would just reply and delete this sort of thing but given the highly confidential nature of the breach I would agree to forward it on with a brief description of how it was received in error.

I would give no more info about yourself, it is not your place to offer advice.

I'm really surprised that anyone thinks this isn't the right thing to do- I would want to know.

From experience, contacting the ICO is pointless, they will just refer you back to the company.

Big GDPR breach! I'd let the person know what's happened so its not just conviently brushed under the carpet. Company are liable to big fine.

I work in HR so yes just tell them you have it and delete it. Please do not print it all and post it to her, now humiliating would that be? To know that some random person received it, read it and went to the trouble of printing it and sending it to her personal home address?

Whether the employer informs her or not is not your business, even if you yourself would prefer to know. You’d be making an already stressful situation for the employee so much worse.

Respond then delete. Printing off is worsening the breach!

GDPR doesn't apply to individuals, nor does it apply to unsolicited information you are sent. It's about how organisations collect and process data.

Thank you for that. Duly noted. Also noted the suggestion upthread that this a scam to install malware etc.

GDPR does apply to individuals.

It does not apply to processing in the course of personal or household activities. (There is a difference to be pedantic).

Personal or household activities – personal data processed in the course of a purely personal or household activity, with no connection to a professional or commercial activity, is outside the GDPR’s scope.

That’s what the ico say.

If I had received an email like this I would have just deleted it without responding or any other action, due the fact that it could be spam.

Oh god this is so stupid. Just delete the email fgs.
Do you like to involve yourself on everything usually? Make yourself feel important?

I bet it is a scam. There are so many "government" emails that are actually fake. Just because it might say it's government it easily might not be.

In fact, why don't you tell us what the government email address is?

Just reply to sender saying received in error and delete.

It’s the sort of GDPR breach that happens every day. It’s not ideal but it’s not going to raise so much as an eyebrow with the ICO.

And the OP wouldn’t be committing a data breach by printing the material domestic activity is out of scope but why bother?!

You don't know what the intended recipient maybe going through, or has gone through. Finding something like this out could cause them distress. Just let their company deal with it, you could make things worse the person in question.

Printing it and sending it seems like a very kind thing to do. I would do the same and I would be grateful if it was done for me. You have no evidence that the company will report the breach and follow the rules. Whilst it is not your problem, the third party has a right to know.

I don't understand the mentality of not helping people in a situation like this.

I would be emailing them asking how they got my email address. Especially if it is in a similar work place to yours.

Does that mean that your email address and personal details are on a system that can be accessed by other people outside of your work place?