Active discussions

Meet the Other Phone. Flexible and made to last.

Meet the Other Phone.
Flexible and made to last.

Buy now

Please or to access all these features

Talk
AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

Original poster

Is this a GDPR data breach and If so how serious.

18 replies

BertieBassettsBabe · 23/02/2021 19:27

My sister has had issues with her company before regarding a data breach. (They forward a letter to various employees which had her address on it)

She is currently shielding until the end of March.

She received an email from the company today saying that furlough is being extended, but this email had clearly gone to over 100 people at the company with their home email addresses all shown.

She has had enough and intends to hand in her notice next week anyway as they have been an awful company to work for.

She is considering making a complaint about this but her DH doesn’t think it’s much of an issue.

OP posts:
PanamaPattie · 23/02/2021 19:34

I would say it was a breach, as personal information - address and home email has been shared without her consent? Check with ICO website for proper advice.

Nohomemadecandles · 23/02/2021 19:37

It is a data breach but I can't imagine they'll get much more than a stern talking to.

BlackeyedSusan · 23/02/2021 19:37

Probably. Certainly got apologising email when someone did this to us

CoRhona · 23/02/2021 19:38

The fact that it went to over 100 home email addresses she could see is a data breach. She could report them if she wanted to.

Nohomemadecandles · 23/02/2021 19:39

Oh it's email addresses not addresses. It's not great but not crime of the century either. Move on. Enjoy the new job.

Original poster
BertieBassettsBabe · 23/02/2021 19:39

She had another email half an hour later saying the person was trying to recall emails. No apology though.

OP posts:
Wavescrashingonthebeach · 23/02/2021 19:42

They've Cc'ed all instead of BCC'ed all (blind CC is where everyone CCed cant see the email addresses of everyone else).

Judging by the attempt at recall, someone has very swiftly realised what they have done & gone SHIT Shock

Technically it is a breach, but to be honest i dont think it's worth taking further.

floofycroissant · 23/02/2021 19:43

Yes it's a minor breach, and I'd take a good guess that if the ICO even find time to look at it, it won't have any negative impact on the business. Other than a telling off for the company, it's more likely to negatively effect the individual who sent the email.

Nohomemadecandles · 23/02/2021 19:45

What does she want to gain from it? If she has an exit interview would it be better to calmly tell them what she's actually upset about and not scapegoat an admin error? Seems a bit petty.

doctorhamster · 23/02/2021 19:47

It is a breach but it's a minor one. Nothing would happen to the company.

titchy · 23/02/2021 19:54

Why would she hand her notice in when she's on furlough Confused

Original poster
BertieBassettsBabe · 23/02/2021 20:11

@titchy

Why would she hand her notice in when she's on furlough Confused
She has to give a months notice and she doesn’t want to go back to work for the company.

She TUPE’d over 2 years ago and since then they have tried many things to either get her to quit or dismiss her. Her salary is 30% higher than others in her department and even though it should have been confidential, word got out and she has had some bitchy comments. She also has 3 weeks more holiday and sickness pay. She admits she is not thinking straight. I imagine she will probably just let it go.

OP posts:
Nohomemadecandles · 23/02/2021 21:26

Sickness pay??

Passthewinebottle · 23/02/2021 22:20

@Nohomemadecandles

Sickness pay??
Presumably sick leave paid at 100%. She gets 3 weeks more of it than her colleagues. I mean as a normal none-piss-takey person, it's mostly irrelevant IMO, but some people see their paid sick leave as an entitlement - my ex colleague was like this, hence ex!
parietal · 23/02/2021 22:27

If the company has 100 people & this message has gone to all 100 people so they now all have each other's home email, that is not great but not a very big deal.

if the company has 2,000 people but only 100 of them are on furlough and this email has gone ONLY to the furloughed people (who now know the names of everyone else who is furloughed), that is also not great. But I don't think that the category 'being on furlough' is private info (presumably others could find that out within the company as needed) so it might not be worth making a big fuss.

If there was a different scenario, where the company has 2,000 people and 100 of them are in a very sensitive category (e.g. seeing a counsellor for mental health or being on a PIP), then just by seeing the list of emails, your sister can learn the names of other people with this issue and they can learn her name. That is a BIG breach and companies / councils have been fined BIG money for that kind of GDPR breach.

RootinandTootin · 23/02/2021 23:04

Getting paid for 0 work right now, 3 weeks more holiday and sick pay? And she’s moaning about a very minor admin error. I’d happily take that resignation if I were her line manager. Shocks me how entitled some people are.

Shamoo · 23/02/2021 23:13

Clearly an accident, somebody is trying to rectify it. A home email address really isn’t super confidential info (not like an actual home address). And presumably people know she is on furlough already. So I can’t see that it’s a big deal!

Charmatt · 23/02/2021 23:38

It's a minor breach that doesn't require the company to report it to the ICO as there is little risk of material harm to the person or persons involved. However the practices leading to the breach should be reviewed and refined.

New posts on this thread. Refresh page
Swipe left for the next trending thread