AIBU to think writing confidential HR notes on a train is inappropriate?

[Elphabababa]

I am on a train in the UK.

Someone on the seat in front of me is writing up meeting notes from work. All clearly visible through the gaps between seats. I am slightly long sighted mind you.

I have seen that:

• She works in HR for company X
• The meeting was for an employee named Y (I can see his name and job title), following him raising a grievance about a GDPR breach of his data within work.
• Subsequent notes of the meeting about this grievance.

She's still typing her notes now.

AIBU for thinking that people should be very mindful of what work they complete in public places? And that this is inappropriate, and if Y found out that these notes were being written in full public view, they would have a further grievance on their hands?

Or am I a nosey parker?

(Or both?)

You do struggle with understanding don't you

That’s why they ask you to give your details rather than them just blurting them out. It’s not a breach of confidentiality if you give your name, address and DOB yourself as you have the option to either decline to give them (for which they cannot hand over your prescription) or you can ask to say your details in private. But it can be a breach if they just blurt out your details without you giving them permission. I used to work in the NHS and this is the very reason we got told to ask the patients for their details rather than just reading their details out to them. A bit shit I know as you’re still giving them your details in front of anyone but it kind of rids them of any responsibility of breaching confidentiality

I fully understand you reading the screen OP. I can’t help reading everything I see. Once I have read all the safety instructions and setting opening hours + all the other visual clutter, I read what is left. I have been waiting for a hospital appointment and tried telling the clerk to put the referral letters in a more private place. He was not happy, I should have taken it up with management.

She was seriously out of order. Up to you what to do.

The details in NHS/pharmacy is more about patient identification - making sure the right person gets the treatment/medication. Even if you have two people with the same name in front of you.

DP has seen it in action - he found out there was a man on our street with the same (quite unusual) name as him because he met him in the pharmacy. Pharmacist shouts out 'John Smith' (obviously not) and they both step forward, street name, yes, so then they had to double check the house number and DoB to make sure the right person got the medication on offer.

Details are asked for because people working in those environments are trained professionals who know why the details matter. Members of the public are often idiots who don't listen not.

Well if you were that concerned you would have told her. Rather than randomly post on here. Surely? If you were genuinely concerned that his information was being overlooked then you would have told her at the time. Given her a chance to rectify the situation. Because that’s what people who genuinely care about other people’s information do. So that’s what you did?

She'd already breached confidentiality. Gdpr isn't optional on the basis you only share data with nice people.

Does anyone bother doing their annual refresher training? This is common knowledge.

@margegunderson It’s a word everyone understands and it’s got a certain disapproval about it. As I said, I think the op should have mentioned it to the HR employee. Yes, it’s an informal expression but conveys what I think. So no need to be superior!

That's mean

Sometimes you can request to write this info down at the counter and pass it over.

in similar cirs I've had staff ask me to write personal ID on paper, to avoid it being overheard.

Yes I know and this is what I’m saying. There are the odd times where relatives living at the same address had similar names ie. A common one I saw a lot of was sons who has been named after their fathers so there are 2 people living at the same address with the same name. You need to check the details fully ie. Name, address and DOB. However where I worked we were under strict instructions not to blurt out patient details on prescriptions and other documents as it can be seen as a confidentiality breach and instead ask the patient to give their details own details themselves.

She shouldn't be doing it. People do. I see and hear it often. You could let her know and then she probably won't do it again.

Yes that’s a good idea too

That’s a very weird response to me pointing out the obvious, which is dealing with it at the time. Nothing was shared, someone was nosey, how do you not understand that? Who was saying anything about optional or niceness? You just came up with that nonsense to support someone who was peering between seats rather than acting like an adult who is seriously concerned about GDPR.

Talk to the person at the time. It’s not that hard. That’s why what my training told me. You deal with the issue in the instance it happens. You don’t moan about it online afterwards. You know you can be complicit in the breach of confidentiality if you know about it and do nothing don’t you? Guess your training wasn’t as comprehensive as mine…

On the face of what you said you saw, that doesn't sound too significant. Or was there a bit missing from what you saw?`

ETA - sorry this seemed a bit abrupt - what I meant was, was there other personal data breached other than in the OP?

I was kept entertained on a recent bus journey, by Mary telling John, on a call, why Linda wasn’t going on the conference in London. It all started with Linda’s thyroid & escalated to her myriad issues with the toxic team…

Well you don’t know them. Honestly what is the big deal? What would you do with the information? This mania over “privacy” is bamboozling!

We all used to have our name, address and phone number in a book delivered free to everyone’s home (except X directory). It would not bother me in the slightest if we still had this.

In the GDPR training we have at my employer, and one part of it is about when you are in a public place.

Say something OP, please.

I saw someone editing Eastenders storylines on the train yesterday. I was happily reading over her shoulder but the person next to me moved and I had to budge along - gutted!

If you'd really done the training you'd know it's the responsibility of the data user to ensure it's handled correctly and not shared with any unauthorised person.

Nosy people aren't an issue if that's adhered to and a pretty shitty way of shifting responsibility.

Ouch. We don’t even have uncovered windows at my work as it’s part of the standard so people can’t glance in and see anything

Agree with this. When I was working in the NHS it was my responsibility to make sure patients didn’t see other patient’s information.
This involved keeping patient documents and records somewhere where they couldn’t be seen. Turning over documents so that they couldn’t be read if we did have to keep them near the desk. If a patient was to see any information then it would have been our fault rather than the person being nosey getting the blame. The onus is on the staff to protect sensitive information, not the members of the public.

Honestly, I think you're nosy parker and a trouble maker. You shouldn't be straining to look at someone's work documents. Why would you do such a thing? And then try and get someone in trouble for it? God, that's just awful..

I have done the training and thankfully a normal person delivered it to me and who made clear that if you are concerned you can talk to the person directly first. Which is much more effective in terms of protecting data than letting a whole train journey go by first. If you care about GDPR you tell the person at the time. It's not shifting responsibility, it's dealing with the situation in the moment. Like an adult.

I once saw a Teams meeting in a Hotel lobby discussing security at a building they owned in the town, with their head office. There were two on the lobby side so they had the computer on a table at a good volume whilst they had the discussion. People get completely disconnected from their surroundings.

Of course it's shifting responsibility.