Hi, I have a case currently where someone stored a word document about a grievance on a shared drive by accident thinking the folder he put it in was secure. Someone accessed it.
Has anyone come up against this and if so, did you consider the accidental storing of the paperwork in a folder that the person thought was secure a disciplinary situation? It was definitely under carelessness within our Data Protection Policy but no malicious intent.
Thanks
Clare
Replies
Hi Clare
All sound advice below, much of this depends on context and the organisation. I would undertake a fact finding exercise, essentially it will boil down to of it is a case of can't or won't. Did the employee disregard the Company policy or chose to ignore to put appropriate measures in place to comply with this? If the former misconduct would be an appropriate route.
Data breaches sadly can and do happen, and I think the focus should be on ensuring steps are taken so this can not happen again.
In my last role we only had access to networked systems which HR only could see, we did not have access to public shared folders.
Hope this helps
Sarah
Hi Clare
Good question and I am of the opinion that such situations should be tackled on a case by case basis.
I think some of the questions that I would ask are:
-What is the employee's track record? Has s/he made errors in the past or is this actually his/her first time?
-You would need to assess the impact of this mistake for the organisation and the individual/s involved in the grievance. Would the company lose money? Is there a chance the individual/s could sue the company for leaking such confidential information.
-How much damage has been caused across the organization in terms of the overall need to maintain confidentiality? Has it broken the trust employees have in management and the organization?
There are many questions that would have to be asked and I am of the opinion that , all the wronged parties would expect action to be taken. After all, his action went against the company policy. If it was an honest mistake with minimal negative impact, a written warning should be kept on file.
If the implications are far reaching, the organization would have to make the decision to release the individual - honest mistake or not.
A difficult task but one that needs to be done - action should be taken.
Again this is my opinion, and to be honest I am limited in knowledge of laws outside of the UAE, that can guide you on how to tackle this situation. However, I hope this helps. :)