How badly have I fucked up?

[AmberDay75]

I sent a work email on Thursday, and sent it to the wrong “Joe Blogs” who works for a different part of our organisation. He replied with a casual wrong Joe message and I apologised. Didn’t think any more about it. Over the weekend I’m wondering if I need to report it to someone? It was about a customer and had some personal information. I’m getting really anxious tonight about how much of a fuck up it is.

it will be fine, I know GDPR, it was an internal contact and not sensitive or personal information. It will be fine, please don’t worry.

Another one in HR/employment law here
legally it’s a data breach but happens a lot internally in large companies and very rarely results in dismissal if accidental and internal.
The onus is also on wrong recipient in the company to delete it immediately so hopefully he has
I would email the wrong guy to confirm he deleted it immediately and then report it to your manager saying it was deleted immediately it was received
They will have to log it but if it only had the name on then it won’t go any further
just check, double check and triple check in future as it’s stress you don’t need!

The compliance officer at our company sent me some test results of another person with the same first name; she apologised but it didn’t go any further. I get meeting invites for the other person all the time with documents attached. I wouldn’t worry about it. If they work at the same company it’s likely they’ll have access to the customers details somewhere anyway. I think his response probably means he gets it all the time!

Is your company database available to the person who received the message? If so, you didn't share any information that wasn't already available to him and you're in the clear.

Does the wrong Joe Bloggs have access to the same computer systems as you so he could have looked up the customer if he wanted to? If so it isn’t a dat breach at all. Even if he doesn’t, as it’s internal it is unlikely to be a problem, but worth mentioning to your boss to be sure.

I don’t think they do have access to the same database as I do. It’s part of a bank so I’m in the insurance arm and he’s in the main banking arm.

Sorry - should have added that it’s nothing for you to worry about at all. Because it’s the name it can count under the data protection act which is the only reason you should tell the manager but there was no sensitive information shared and it’s likely any colleague could access the name anyway. It was also only being used for the purpose the client consented to - eg you didn’t pass their name and phone number to another colleague so they could ask them out (and yes, I have dealt with that before!!!!)
I’ve seen a lot worse sent in error with no action taken. Don’t let it ruin your weekend

thanks. I’m not sure they would have access to the client otherwise though. In your experience would it lead to dismissal or a warning?

If thats all that was in the email then the worse case scenario is that a breach should be logged to say something has happened. Wont lose your job over that, i work in a similar environment

Honestly don’t worry about it. This sort of thing happens a lot more frequently than anyone thinks. I wouldn’t give it another thought as it’s someone within your organisation.

Hi - I can understand why this is causing anxiety. It’s ok, though. We’re all human. We all make mistakes. The important things is that we take appropriate steps to correct or mitigate our mistakes in a timely, reasonable and responsible manner. I suggest you do speak to whoever you report to. Explain clearly and honestly what happened and why. Apologise. Acknowledge where you went wrong, and tell them how you will handle similar situations differently in the future. Be honest, straight and ready to learn from the mistake. Breathe. It’ll be over by Monday. Remember. We’re all human. You aren’t the first and you wont be the last to make this mistake. But do learn from it.

I semi-regularly get sent emails by mistake from external organisations, sometimes containing personal data, such as health related. As far as I'm aware no-one has lost their job over it!

In my experience it’s not a dismissible offence at all
Most companies only count it as gross misconduct if it’s been a deliberate breach.
Occasionally I have seen colleagues given a (low level) warning for careless work leading to a breach (ie not checking they had right recipient) but the majority of the time no action is taken at all

i wouldn’t worry about it in the slightest. The person you sent it too has probably forgotten all about it and you should too. No one else even needs to know about it.

You'll be fine, especially as it was internal.
If it makes you feel better i used to work in Payroll for a VERY large logistics company.
This company had depots in every city/airport/and multiple large towns.
I sent thousands of payslips to the wrong depots. I still dont know how i did it, and they all had to be reprinted and posted.
This was a massive f up as it included mamagers payslips so there was nothing stopping anyone opening the wrong ones on purpose.
It was awkward for an afternoon, but ultimately its human error.

I only had the same first name as a colleague - and the amount of emails I got for her was ridiculous. If the “other Joe Bloggs” is anything like me - and it sounds like he was - he would just breathe a sigh of relief it wasn’t anything for him to deal with,
delete and move on. It really is not an issue if it’s within the same organisation. Relax.

Please don't worry, I don't even think it would be a warning, let alone instant dismissal. The worst thing you can do is cover it up - that's what would lead to more serious action being taken. Just report it. It was internal so much easier to rectify.

We're all human. I work in finance and I once sent out a set of management information to the wrong "John" which is way worse than what you did. But I owned my mistake and reported it as soon as I realised my error. I felt sick and faint when I realised what I'd done so I know how you feel, but I wasn't the first and I'm sure I won't be the last. I'm so fucking careful now when emailing anything confidential and I'm sure you will be too. Please try not to spend all weekend worrying.

I would speak to your Data protection officer or IT information security. I don’t think it needs reporting to the ICO but I think you should log it because you said in your post that personal data was in the email.

I had a link that I’ve now lost but if you Google “ICO sent email to the wrong person” it will take you to the page on the ICO site. Yes it has been no biggie in practice but it is technically a breach and your organisation will probably have a procedure. But not all breaches need to be reported to the ICO. Data protection is part of my role.

I work in Insurance Compliance- this wouldn't worry me at all and we wouldn't even log it.

Hello OP 👋🏻

pleased to meet you - I’m also a catastrophiser.

you’ve made a genuine mistake and it was an internal email. Take a deep breath and focus on the fact that people must do this day in, dayb out.

my boss has a really common name (think, David Smith type name) and he fields off emails most weeks that have been sent to him internally by accident.

mention it to you boss but don’t stress about it. Enjoy the rest of you weekend and try to stay calm (which is impossible if you catastrophise!) xx

Try not to worry!

When speaking to your manager about it, mention that you will improve the process so when emailing any personal information you will put the information onto a document and protect with a pre agreed password (using zip or something) or if you have access to the same work drives you can email a hyper link to a folder with the information in.

I think suggesting an improvement when admitting you have done something wrong can help to show it won’t happen again.

Just try to forget about it. The person who received it sounds like they are unlikely to do anything, they’ll just delete it and that will be it.

I'm frequently on the receiving end of classified information from the Police. They send out Operation Encompass information to schools if they've been called out to a Domestic Abuse situation at a pupil's house. They're always sending it to the wrong school - makes for interesting reading!! 🙄🤦‍♀️

I would try and relax and not do anything @AmberDay75 . You could ask Wrong Joe to delete the mail as it contains client info.

Don't worry. Just let your manager know of your mistake Monday morning or send an email to them now if you need to get it out just letting them know what's happened. It's internal so you all need to stick by the same rules around confidentiality anyways. Accidents happen and your human. Human error happens. It would be best practice to let your manager know though but that's just as much for your reassurance than anything else.
I've had several emails with information not for me, it takes a second to realise then I send an email back just letting them know. Nothing further comes from it and I haven't even read what's on there. This person is probably the same.