Careless disclosure of confidental information

Hi, I have a case currently where someone stored a word document about a grievance on a shared drive by accident thinking the folder he put it in was secure. Someone accessed it.

Has anyone come up against this and if so, did you consider the accidental storing of the paperwork in a folder that the person thought was secure a disciplinary situation? It was definitely under carelessness within our Data Protection Policy but no malicious intent.

Thanks

Clare

You need to be a member of DPG Community to add comments!

Join DPG Community

Email me when people reply –

Replies

  • Hi Clare

    All sound advice below, much of this depends on context and the organisation.  I would undertake a fact finding exercise, essentially it will boil down to of it is a case of can't or won't.  Did the employee disregard the Company policy or chose to ignore to put appropriate measures in place to comply with this? If the former misconduct would be an appropriate route.

    Data breaches sadly can and do happen, and I think the focus should be on ensuring steps are taken so this can not happen again.

    In my last role we only had access to networked systems which HR only could see, we did not have access to public shared folders.

    Hope this helps

    Sarah

  • Hi Clare

    Good question and I am of the opinion that such situations should be tackled on a case by case basis.

    I think some of the questions that I would ask are:

    -What is the employee's track record? Has s/he made errors in the past or is this actually his/her first time?

    -You would need to assess the impact of this mistake for the organisation and the individual/s involved in the grievance. Would the company lose money? Is there a chance the individual/s could sue the company for leaking such confidential information.

    -How much damage has been caused across the organization in terms of the overall need to maintain confidentiality? Has it broken the trust employees have in management and the organization?

    There are many questions that would have to be asked and I am of the opinion that , all the wronged parties would expect action to be taken. After all, his action went against the company policy. If it was an honest mistake with minimal negative impact, a written warning should be kept on file.

    If the implications are far reaching, the organization would have to make the decision to release the individual - honest mistake or not.

    A difficult task but one that needs to be done - action should be taken.

    Again this is my opinion, and to be honest I am limited in knowledge of laws outside of the UAE,  that can guide you on how to tackle this situation. However, I hope this helps. :)

This reply was deleted.

Members

Click here to see a full list of members including our Facilitators.

Did you know that if you go to the list of members, the Members Online button will show you who is online right now? Why not say hello?

What's Happening?

Melanie Guttridge and Maria Kenneth joined DPG Community
Monday
David Woodhouse and Jacqueline Ruth Dhanoya joined DPG Community
Mar 19
ZLYI posted a discussion
Mar 16
Ruth Miller and Simone Howarth joined DPG Community
Mar 13
alan cubero replied to NoahCarcia's discussion Besteonlinecasinoschweiz
Mar 13
alan cubero replied to Oscar Poppy's discussion Play wolf gold slot
Mar 13
Patty Black commented on Mike Collins's blog post Unlocking Potential Through Learning
Mar 7
Samuel Rocher is now a member of DPG Community
Mar 7
More…

CIPD Branch Events

Did you know your local CIPD branch will put on relevant events that are free to CIPD members.

Take a look for your local branch here and what events are happening. Remember attending these events are great CPD evidence.

CIPD Branch Event Search