To report myself at work?

[Moltenpink]

Someone has just sent me an email saying I have sent them someone else’s personal information instead of their own.

I have apologised & sent the correct details. Would you report yourself for the data breach or hope for the best??

YANBU- own up
YABU- hope you get away with it

I’d own up, mostly because it’ll look much worse if you don’t. I’m in a regulated sector though and we’re told a million times a year that if you don’t self-report and an issue ever comes to light (even with no material harm) it’ll be dealt with much more harshly.

You have to. Just suck it up and report it. It's important and I would think you'll be fired if they find out you failed to report it.

Yes I think you’re right. Sigh. Thank you

I've self reported a data breach - my notebook with all my union case notes in was removed from my locker and nobody knows where it went (I was on bereavement leave and we were given new lockers, nobody in my team was asked to oversee the transfer of my stuff). I had to email HR and the Permanent Secretary to let them know that details of our discussions in confidential negotiations and also personal details of members were missing.

It was OK - HR thanked me for reporting the breach and told me not to worry. I saw it as a bit of me covering my arse in case the notebook had fallen into the wrong hands, but it probably ended up in the bin.

Definitely own up, it’s far worse if you don’t.

Self report with a plan of how to avoid a recurrence.

Definitely own up, OP. As a manager, I have had two employees coming to me to report that they have accidentally breached someone's personal data. In both cases, I have really respected their honesty and quick response, as it has enabled us to put new procedures in place to minimise any future risk of further breaches.

People are human and mistakes will happen. Sometimes these mistakes reflect a problem with systems and processes which should be designed to mitigate the risks of human error. I'd far rather hear about a breach from the employee than from an angry customer.

The breach will need to be reported and the individual whose data was breached will need to be notified, but if it only affects one individual, it's unlikely that there will be any further consequences.

NB if you are going to report, please do it quickly as there are clear timelines in place for reporting data breaches.

Also, assuming that you sent the data by email, ask the original recipient to double delete the messages and confirm when they have done so.

Yes self report definitely. I think a lot of people do since GDPR so I wouldn't worry about it tho

You have to report it. It was an accident and you're not likely to lose your job. It is important that it's recorded so if that person's details do leak it can be traced.

Always own up, ideally with what you’re going to do to solve the problem

It’s always far worse if someone finds out later and finds you’ve tried to cover it up

Everyone makes mistakes but hiding it is probably gross misconduct, especially with something as regulated as GDPR.

I would report myself if I were you. I was once sent someone elses very personal information including an occupational health report as my name is quite common and I often get sent wrong mail. I reported it further up the line and it was investigated. I was rung back and interviewed about it. They have now changed how the email system works and it brings up more details of the receiver (job title, dept etc) when you type a name in to try and avois things like this happening.

Self-report and it shows you're aware of your responsibilties and prevents you getting in further trouble. I doubt much will come of it, perhaps just reminding you to be more careful. I've done a similar thing and my manager was fine (and he was normally a git) it's easily dealt with.

Report yourself, there will probably still be some of investigation but if you don't the outcome may be worse. I speak as a Trade Union who represented someone in a similar position.

I agree with PPs. Self report is the best way. Making an error happens, covering it up is where things can go wrong.

If you own up it will likely be an manageable issue.

If you get caught covering it up i imagine that might endanger your job.

You'll probably be given some additional training, provided you own up, state it was a genuine error (and maybe some insight into how you think your error may have happened, as that shows a strong desire for self-reflection to avoid making the mistake again).

The likelihood of something really bad happening to you depends on what type of data you mistakenly sent, but I suffered a data breach and the company did absolutely nothing about it, and ignored my demand for an apology and explanation. They couldn't have given a shit.

You're human like we all are, you just need to be sure it doesn't get repeated, as that would be taken more seriously.

Tell them and straight away. I've done this before and it's humiliating, but ultimately, if the other person reports you, it will be far worse all round.

As a manager, the only person I've ever fired was the person trying to cover up a mess. I encourage people to come forward with errors. They can usually be fixed, but it becomes way more difficult the longer it's left

Good lord yes, of course report it.

Data breaches are very common. I've had to report myself for a breach that resulted from Outlook autofilling the wrong email address. If I hadn't I would have been in breach of the code of conduct of my professional body (not to mention potential disciplinary at work for covering it up). It wasn't an issue at all that it happened, it was rectified, but if I'd lied about it I'd have created an issue.

Yeah own up - if you’re honest it can be sorted quickly and likely with little or no consequences

Own up to it or you'll worry yourself sick about getting 'found out' IME.

Yep, someone I manage did similar and we could investigate and resolve it, they also included steps they were taking to stop it happening again. If they have not disclosed it they would have been fired had we found out

It's better to admit to it & put something in place so it doesn't happen again.

It's all getting a bit ridiculous though. I got a letter yesterday from 'a car company' (I'll save them their blushes), admitting to a 'data breach'. Someone accidentally sent a list of
Names/addresses/phone numbers to someone external, rather than internal

NO financial information, no details of car purchased (I didn't buy from them)

The letter waffled on about systems put in place to stop it happening again, the person destroyed all contact details, yadda yadda.

Name/address/phone number -so what?

Utter madness, waste of resources & time.

Definitely own up. It speaks volumes about your honesty and integrity. You’ll be respected for it.