Active discussions

Meet the Other Phone. Flexible and made to last.

Meet the Other Phone.
Flexible and made to last.

Buy now

Please or to access all these features

Talk
Work

Chat with other users about all things related to working life on our Work forum.

Original poster

Can I class this as a data breach?

29 replies

ItsClemFandangoCanYouHearMe · 28/05/2020 20:20

So long story short my employer dismissed me when I raised concerns about how they were protecting staff (key workers) during the covid pandemic.

Since they furloughed me then dismissed me (as the company was apparently struggling yet kept new starters) I knew that is why, but I cannot prove it.

My DSAR has come back with plenty of written statements etc but some were from personal email addresses and were not redacted.

Is that a data breach?

I'll be perfectly honest, I am just trying to be difficult. I'm doing the DSAR and appeals because they way they did this is so wrong and I want to make a point and waste their time as I know nothing will come of it and I don't want my job back.

I doubt it's enough to go to the ISO though 🤷‍♀️ any thoughts?

OP posts:
Original poster
ItsClemFandangoCanYouHearMe · 29/05/2020 18:02

It's a company in the medical field, I believe all patient records are kept for 7 years. Emails are used to discuss patients so maybe they are stored that way too.

OP posts:
Rosie2020 · 29/05/2020 18:11

Application and Recruitment Records: 6-12 months.
Parental Leave: 5 years from birth or adoption, or 18 years if the child receives a disability allowance.
Pension Benefits: 12 years from the ending of any benefit payable.
All Personnel Files and Training Records: 6 years from the end of employment.
Redundancy Records: 6 years.
Sickness Absence Records: A minimum of 3 months but potentially up to 6 years after employment ends.

Rosie2020 · 29/05/2020 18:20

Computer systems and emails are backed up daily and companies pay a monthly fee for back up. They have to do that to be GDPR compliant although obviously they have to do a lot more. It will say in the privacy policy who they use and share information with.

PegasusReturns · 29/05/2020 20:02

@Rosie2020 you are talking about certain Documents where a legal obligation attaches.

The OP has specified she believes there to be emails in existence. There is no legal obligation, under the GDPR or otherwise, to back up general correspondence in email.

Those emails likely never existed, but if they did her employer may not be compelled to disclose them under GDPR in any event.

New posts on this thread. Refresh page
Please create an account

To comment on this thread you need to create a Mumsnet account.

Join Mumsnet Log In

This thread is closed and is no longer accepting replies. Click here to start a new thread.