Active discussions

Meet the Other Phone. Only the apps you allow.

Meet the Other Phone.
Only the apps you allow.

Buy now

Please or to access all these features

Talk
Legal matters

Mumsnet has not checked the qualifications of anyone posting here. If you have any legal concerns we suggest you consult a solicitor.

Original poster

Data protection breach

7 replies

Mabelface · 05/05/2022 18:40

Work breached some very private records of mine by saving them into a shared drive, meaning the whole department had access to them for half a day, until my colleague gave me the heads up.

Obviously, it's been reported and removed but I am aware that others have looked at them. I've reported to the ICO as I'm not happy with how it was handled. I'm going to consult a lawyer due to the stress, embarrassment and humiliation is caused me. I already have a grievance in for other aspects, such as ableism and discrimination and bullying.

I'm not ashamed to say that I want a payout now. The stress they've had me under for the past year and a half has affected my life, home, relationships. I'd be happy to leave quietly for a reasonable payout.

Am I being realistic here? This seems so big and scary, way too grown up for me.

OP posts:
Original poster
Mabelface · 05/05/2022 18:42

And please be a little gentle. I have asd, and my mental health is really teetering on the edge right now due to the above.

OP posts:
Makinglists · 05/05/2022 18:46

You've done the right thing - they have made a serious breech. A lawyer is your best way forward. Be kind to yourself they are in the wrong.

DownToTheSeaAgain · 05/05/2022 18:49

You need to see a lawyer but you also need to be honest with them about how much of the upset and annoyance is down to this information being made available for 1 day and how much is related to your other grievances.

Original poster
Mabelface · 06/05/2022 10:51

It's had a huge effect on me. I'm really embarrassed going into the office, I have to take beta blockers just to be able to do so. My trichotillomania (hair pulling) has massively increased, I can't eat much due to washing machine stomach and my top lip is full of cold sores.

OP posts:
Villagewaspbyke · 06/05/2022 13:12

i know it doesn’t seem minor to you but in reality there are many millions of similar data “incidents” every day. Given that it was for such a short period and it was on an internal shared drive only accessible to a few people, it’s not really clear to me that there was any data breach.

you don’t generally have any right to compensation for data breaches and the ICO is unlikely to do anything about what you describe.

however employment tribunals are expensive and time consuming and it is likely that they would want to settle especially if you have been there for over two years. So definitely speak to a lawyer and see if they can suggest a proposal.

Original poster
Mabelface · 06/05/2022 14:46

Definite breach as it was accessed and read. Was available to around 100 people. Been here for nearly 7 years.

OP posts:
SolasAnla · 07/05/2022 10:08

Villagewaspbyke · 06/05/2022 13:12

i know it doesn’t seem minor to you but in reality there are many millions of similar data “incidents” every day. Given that it was for such a short period and it was on an internal shared drive only accessible to a few people, it’s not really clear to me that there was any data breach.

you don’t generally have any right to compensation for data breaches and the ICO is unlikely to do anything about what you describe.

however employment tribunals are expensive and time consuming and it is likely that they would want to settle especially if you have been there for over two years. So definitely speak to a lawyer and see if they can suggest a proposal.

Villagewaspbyke

i know it doesn’t seem minor to you but in reality there are many millions of similar data “incidents” every day. Given that it was for such a short period and it was on an internal shared drive only accessible to a few people, it’s not really clear to me that there was any data breach.

If it was
• her personal data

• which was given by her to her employer for a specific purpose (HR need it to meet health and safety obligations)
• which is then processed and held by her employer
• for the purpose of processing employee related data and
• it was processed/stored in a location it should not have been placed
• which resulted in other unauthorised employees gaining access to the data
• when the processing should not have allowed these employees access to the data
• then its a data breach.

Part of the obligation is to control who is given access to the data.
Some of the tests are pedantic did we follow the rules of the work flow when processing the data. Eg I give my home address to allow for correspondence and phone number so that work can call me in an emergancy.
They need to have controls to make sure that only the people who have the authority to write to me can access my address and that the only time my address is accessed is when official correspondence is sent to my address.
Same with my phone number, its collected "for emergency contact" so my manager may wish to phone me to tell me that she, as the company rep, is sending a Get Well Soon card and hamper to my address. However the number is for emergencies only and the delivery is not an emergancy so my manager has no authorised use of the number so the number should not be accessed or used.
Work also can't decide to add these details to an internal whoswho without my permission just because they decided to process the data they collected in a new way.

New posts on this thread. Refresh page