How badly have I fucked up?

[AmberDay75]

I sent a work email on Thursday, and sent it to the wrong “Joe Blogs” who works for a different part of our organisation. He replied with a casual wrong Joe message and I apologised. Didn’t think any more about it. Over the weekend I’m wondering if I need to report it to someone? It was about a customer and had some personal information. I’m getting really anxious tonight about how much of a fuck up it is.

Your organisation should have protocols to follow in this situation and really they should've given you training to ensure you knew what to do.

You should report it to your line manager on Monday. Really you should have done this on Friday because I believe there are time limits if it needs to be reported externally.

I would have done if it was someone outside of the organisation. I think because he is in the same company although a different division it made it seem less bad. Especially his causal reply. Now I feel doubly stupid. And like I’m going to get in double the trouble. Could I lose my job over this?

All the above might be true (depending on your organisation) but it was a genuine accident and if you put your hand up, the consequences wont be that serious. Don't let yourself catastrophise about it over the weekend. We all make mistakes.

I think I wouldn't worry if it was internal. Your email should have a gdpr message oñ it saying to delete and don't read if they are the wrong recipient. Chech with IT on Mondays

I'd not make a big deal out of it if he hasn't! Let it blow over...

Meh, don't worry. I once sent out a different vendors rfp answers to a competitor who was in the bid. Was fine, eventually and what you have done is really not the same, it's internal.

What info did you send and what type of organisation do you work for?

I don't know lots about it, but hopefully if you answer these questions, someone with more knowledge will be able to help you.

FWIW, I don't think you will lose your job, but like I say, I'm not an expert. Hopefully you'll have someone else along soon.

These things happen. I've done this and also been the recipient of emails meant for others. Honestly, unless it was sensitive personal info I probably wouldn't do anything. If sensitive, I would check it out with my manager. Either way, it honestly isn't something to self flagellate about.

Where I work, it's not considered a "data breach" if it's sent to the wrong person within the same company, which is what's happened in your case. It's a data breach if it's sent to the wrong external party.

Obviously I'm not sure what your company's policy is but from how you describe it, it doesn't sound as bad as you think. However, for your own ease of mind, I think you should tell your manager on Monday and explain to him/her what happened. The temptation is to say nothing but I think it will ultimately be a good reflection on you if you're honest.

I did this once as a teacher and the recipient was another teacher at a different school (think something like same LEA so same email endings and starting with A.brown instead of A.browne…)

The person who received it was a very officious type who was incensed by my genuine mistake 😬 But luckily that meant they knew all the rules for how to correct it and instructed me on what to do lol

They deleted it, I informed our data manager and my line manager.

People make mistakes and this doesn’t sound like a horrendous breach 💐 But I absolutely understand your anxiety, I was the same at the time! X

I’m not sure if it would be classed as sensitive data or not. It included the full name of the customer and named one of the products that they hold. I work for an insurance company.

I really would worry I have a common name and there is 2 of us common namers that work in complete different areas of the business and if got £10 for every email I got for her I wouldn't need to work. I just forward them on and cc the person on to say they have the wrong <common name>

Ps I work in. Insurance too!

If it helps you feel better, back in my misguided youth I accidentally emailed my friend in the next office, moaning about my boss being unfair to another employee over a disciplinary matter(boss was HR manager of all people).
Went on my lunch break and came back to realise I'd emailed my boss not my friend....and my boss was sat at my desk....

I didn't even get fired for that as it was internal email 🤣
Just hope this cheers you up

Your email was only internal. Don't panic - it will be fine.

Do two people in the same organisation have the same name? I expect this isn't the first time it's happened.

Where we work there were two people with the same name and it kept happening so eventually one changed their name slightly for emails (think adding a middle name to make their first name double barrelled) it worked and now that's how they are known

It will be fine, accidents happen! but depending on your company protocol you might need to report it. If you think this might count as a data breach then don’t ignore it. Make sure you take responsibility and follow whatever protocol is in place.

You should have reported it to Information Governance as an IG breach. It’ll be fine, I wouldn’t worry. If it makes you feel any better, I was once asked to get ‘John Smith’s’ (name changed) Outlook/One Drive/SharePoint account closed down by IT. I asked for the wrong John Smith 😳 If I hadn’t realised in time then that person would have lost all their personal work in One Drive, all their emails and lost access to Share Point. 😬 Luckily I realised in time.

No need to worry because it’s internal but won’t harm to mention it to your manager.

I would have thought if Joe was going to report it he would have cc’d a manager. I imagine he just thought…wrong email mate.
I wouldn’t give it a second thought. Relax

It's a personal data breach because personal data about your customer has been sent to someone who had no business need to access it. You should let your line manager know and report it in line with your organisations process for those - there is a legal obligation on organisations to keep an internal register of all data breaches.

Don't worry too much about it though, it's not a breach which is reportable to the ICO nor notifiable to the data subject - largely because its been contained within your organisation with (I assume) no likelihood of harm being caused to your customer because of it.

I work in HR and know of many of these examples - you should have a data privacy officer who you can report it to. Just ask the person who you sent it to to confirm that they have deleted the email for your records. Providing it is a person of trust and they are made aware of the repercussions of sharing the information then there shouldn’t be an issue. It’s a horrible feeling but it will be ok if you are upfront about it. Your data privacy officer will tell you what to do. If they’re like the ones at our organisation they accept that people are human and mistakes happen so try not to worry 💐

I can't see a problem. It happens all the time. As long as it doesn't contain any confidential information or anything that could be classed as a data breach.

Don’t give it any more thought, it’s no biggie.

This is not sensitive data…. It’s hardly…data! Just mention it to your line manager in case it needs to be logged but don’t worry- this sort of stuff happens all the time.