Employer broke my confidence

Mrs OBumble · 09-06-2021 12:43am

DancingDaisy1 wrote: »

Just wondering what code of conduct did Big Gob (principal) breach here?

I would like to take this issue further as she is not a confidential person and so unprofessional in so many ways.

Ouch!

GDPR, at least. Possibly some sector specific things, too.

Consult your union.

ZeroCool17 · 09-06-2021 1:23am

Mrs OBumble wrote: »

Ouch!

GDPR, at least. Possibly some sector specific things, too.

Consult your union.

So why is this an issue for you when it's the same thing as the original post. Boss telling other team members the personal information?? Do you not think GDPR was breached in the original post? I would think it has.

...Ghost... · 09-06-2021 2:11am

Fian wrote: »

I think this is very unlikely to establish a claim of constructive dismissal. Be very careful and understand the risks before you decide to resign in the expectation that you would be ale to claim this. Also be aware that the compensation payable will not normally meet the loss involved in losing employment unless you are confident you can secure alternative employment quickly.

If the OP is forced to have to leave her employment because of her employers conduct, that is pretty much the definition of constructive dismissal.

georgewickstaff wrote: »

In order to succeed in a claim for unfair dismissal you have to exhaust all internal processes and then and only then decide you cannot continue in that employment. It is a very high bar to clear.

I would think that if your manager apologized to you and asked the staff to refrain from discussing your private business they could probably be off the hook in regard to showing remorse and being reasonable towards you.

The employee does not need to exhaust any internal processes. Her reasoning for skipping the internal process is that she could not trust the employer to keep confidential data confidential.

Mrs OBumble wrote: »

Ouch!

GDPR, at least. Possibly some sector specific things, too.

Consult your union.

This post contradicts every other post you made on the thread. It's ok for the OPs boss to blab, but not ok for the Principal to blurt out a pregnancy of one of her staff members?

Hint: both are confidential

Mrs OBumble · 09-06-2021 2:12am

ZeroCool17 wrote: »

So why is this an issue for you when it's the same thing as the original post. Boss telling other team members the personal information?? Do you not think GDPR was breached in the original post? I would think it has.

The problem is boss telling without employee agreement.

In pregnancy, virtually no one ever tells before 13 weeks.

Whereas with other serious illnesses that are likely to cause employee to become obviously ill during the treatment, its usual to agree what what will be said to colleagues and when. Often one of the really helpful things manager can do is discreetly let colleagues know, so they don't accidentally make insensitive remarks.

They key is WITH EMPLOYEE AGREEMENT. Which I've said several times.

runawaybishop · 09-06-2021 8:27am

AndrewJRenko wrote: »

A verbal breach of GDPR and Data Protection Acts is STILL a breach.

How so? Gdpr specifically deals with data, which is information that is stored in a system. If you tell me something verbally and I repeat it then that is not data.

Diceicle · 09-06-2021 9:05am

harvester of sorrow wrote: »

To think Mrs OBumble used to be a mod here:rolleyes::rolleyes:

Really? No wonder boards has a rep.

09-06-2021 11:05am

Mrs OBumble wrote: »

They key is WITH EMPLOYEE AGREEMENT. Which I've said several times.

There was no employee agreement with the OP either though? Your positions on both of these breaches, which are practically identical, show how contradictory your stance is/was towards the OP.

There was no agreement in place,
People should not have been told private, confidential information,
They were,
Both bosses are in breach of the regulations

Your attempts at painting this one different because "no one says anything before 13 weeks" are simply bizarre. There is no difference between the two cases. Your stance with the OP is "boss should've agreed what should have been said....no breach", and with Daisy your stance is "boss never agreed what should have been said.......therefore, breach".

There was no agreement in either case.

@DancingDaisy1.......you are in the same boat as the OP here and should follow almost all the advice provided in this thread.

rdhma · 09-06-2021 11:19am

GDPR actually states: https://gdpr.eu/eu-gdpr-personal-data/

Furthermore, the GDPR only applies to personal data processed in one of two ways:

Personal data processed wholly or partly by automated means (or, information in electronic form); and
Personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’ (or, written records in a manual filing system).

It is hard to believe that any business would not keep records of employee time off and reasons for same.
It would seem therefore that this disclosure of personal information constitutes a breach of GDPR, whether or not it had already been recorded on a computer system or on paper.

runawaybishop · 09-06-2021 11:26am

rdhma wrote: »

GDPR actually states: https://gdpr.eu/eu-gdpr-personal-data/

It is hard to believe that any business would not keep records of employee time off and reasons for same.
It would seem therefore that this disclosure of personal information constitutes a breach of GDPR, whether or not it had already been recorded on a computer system or on paper.

It is not a gdpr breech as no data was passed. Data has a specific meaning under the regulations. Gdpr is not the route to take on this, it is more appropriate to pursue a complaint under the companies privacy and/or dignity at work policies.

rdhma · 09-06-2021 11:34am

Data does have a specific meaning under GDPR. Here is the definition of personal data:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

The employer disclosed information relating to an identified person. That is exactly the definition of personal data.

The OP has already stated:

The boss is owner/hr/gdpr person so there isn't anyone higher to speak to

so the boss is not going to investigate their own breach of any policy.

runawaybishop · 09-06-2021 11:56am

rdhma wrote: »

Data does have a specific meaning under GDPR. Here is the definition of personal data:

The employer disclosed information relating to an identified person. That is exactly the definition of personal data.

The OP has already stated:
so the boss is not going to investigate their own breach of any policy.

That's personal data, you need to first look at what data itself is. Data is information stored or processed in some way. Verbal/oral information is not data and GDPR does not apply.

Oral communications do not fall under GDPR legislation, more info if you Google scott v lgbt foundation.

Op needs to exhaust the internal company policies first, doesn't matter if the boss is also HR.

Mike Murdock · 09-06-2021 12:05pm

It just shows that there are a lot of people managers out there who should not be let anywhere near managing people. At all.

MoonUnit75 · 09-06-2021 12:07pm

runawaybishop wrote: »

That's personal data, you need to first look at what data itself is. Data is information stored or processed in some way. Verbal/oral information is not data and GDPR does not apply.

Oral communications do not fall under GDPR legislation, more info if you Google scott v lgbt foundation.

Op needs to exhaust the internal company policies first, doesn't matter if the boss is also HR.

Scott vs LGBT Foundation was based on the UK's 1998 Data Protection Act as GDPR was not in force at the time of the alleged breach. It's not relevant here.

runawaybishop · 09-06-2021 12:14pm

MoonUnit75 wrote: »

Scott vs LGBT Foundation was based on the UK's 1998 Data Protection Act as GDPR was not in force at the time of the alleged breach. It's not relevant here.

Incorrect. The same definition of data is used in the current GDPR legislation.

MoonUnit75 · 09-06-2021 12:17pm

Just so we're all clear:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

https://gdpr-info.eu/art-4-gdpr/

GDPR applies here.

runawaybishop · 09-06-2021 12:30pm

MoonUnit75 wrote: »

Just so we're all clear:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

https://gdpr-info.eu/art-4-gdpr/

GDPR applies here.

GDPR does not apply, what you have posted only confirms what I have said already. Oral information is not data and it has not been processed as per the definitions in the 1988 act or current GDPR legislation.

https://www.rpc.co.uk/snapshots/data-protection/data-regulation-and-oral-communications/

“data” means information in a form in which it can be processed; <- this is the definition of data.

kathleen37 · 09-06-2021 12:42pm

Yes, my understanding of GDPR is that it only relates to data that has been "processed".

https://www.dataprotection.ie/sites/default/files/uploads/2019-07/190710%20Data%20Protection%20Basics.pdf

Personal data doesn’t have to be in written form, it can also be information about
what a data subject looks or sounds like, for example photos or audio or video
recordings, but data protection law only applies where that information is processed
by ‘automated means’ (such as electronically) or as part of some other sort of filing
system

Had the information been advised by email or written down by the manager, then it would have been covered.

Still very bad, but I would say not covered under GDPR

mrslancaster · 09-06-2021 12:59pm

So if an employee has a discussion with HR and the information is not written down or recorded immediately there and then, it's not considered personal data? I'd say there's lots of people would be very surprised to discover that.

Dav010 · 09-06-2021 1:04pm

mrslancaster wrote: »

So if an employee has a discussion with HR and the information is not written down or recorded immediately there and then, it's not considered personal data? I'd say there's lots of people would be very surprised to discover that.

Is the data being processed or stored if it isn’t being written down/stored on computer file?

Calahonda52 · 09-06-2021 1:09pm

Mrs OBumble wrote: »

At a minimum, they had to know you will be going to medical appointments. And if they don't know what for, they would speculate, perhaps guessing worse than you've got.

Will there need to be accommodations made to your job? Will colleagues need to pick up extra work?

Put the boot on the other foot here, or walk in the Ops shoes before penning such stuff.
Another one for the ignore list

rdhma · 09-06-2021 1:12pm

https://gdpr-info.eu/art-4-gdpr/

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation...

Collecting data is explicitly defined as processing, as long as that data is intended to be recorded by the employer.

Personal data processed wholly or partly by automated means (or, information in electronic form); and
Personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’ (or, written records in a manual filing system).

A casual conversation at the water cooler with the boss about how the kids are doing: Not covered by GDPR.

A conversation with the boss about why you will be absent from work: GDPR defines this as 'collecting data' if there is an intention to enter it in a computer or in a paper filing system, even if it has not yet been entered.

An small employer could in theory circumvent GDPR by keeping all employee information in their head, but that is a very unlikely scenario.

Jim2007 · 09-06-2021 1:40pm

buttercups88 wrote: »

I dont want to go down any legal routes but will see how tomorrow goes.

What do you actually want to achieve here? You are seriously ill and need to concentrate of getting better, do you really think creating a hostile uncooperative work environment is going to help you along that path?

The damage is done and it can’t be undone. It was an incentive dumb mistake on the behalf of your employer put that is all. There is a very big difference between the armchair lawyers telling you your rights and putting a case together that can be sustained in a court of law. It takes commitment and energy that could be better spent in getting better.

There will be plenty of time for venting when you are back to full health and are better able to deal with it.

09-06-2021 2:11pm

runawaybishop wrote: »

Verbal/oral information is not data and GDPR does not apply.

I suspect that it is data, depending on how it is processed further, but feel like exploring it further would be a waste of time.

So here's my thoughts.......It doesn't matter a jot whether or not the OP spoke to their boss, emailed, sent a carrier pigeon or used smoke signals.....they provided their personal data to their boss, who is now the data controller for that information. The boss processed that data (i.e. wrote it down on their file somewhere), then leaked it to the rest of the workforce. Again, whether or not they conveyed the info via oral means is immaterial.....the information was processed by the boss and recorded somewhere. This is 100%, a straight down the middle breach of the GDPR guidelines.

mrslancaster wrote: »

So if an employee has a discussion with HR and the information is not written down or recorded immediately there and then, it's not considered personal data? I'd say there's lots of people would be very surprised to discover that.

That's because it is incorrect. I mean, you've blown the whole purpose of the legislation out of the water. By the twisted logic being applied here, you can disclose all manner of personal data on anybody, as long as that data hasn't been written down somewhere. "He only told me he has AIDS, he never said it in writing....that's why I told the work whatsapp group".

runawaybishop wrote: »

Oral information is not data and it has not been processed as per the definitions in the 1988 act or current GDPR legislation.

“data” means information in a form in which it can be processed; <- this is the definition of data.

What do you imagine happened after the OP conveyed this oral information? Do you reckon that their boss never wrote it down anywhere? Never made a record of it on the OPs file? As soon as that information is recorded, that counts as processing of personal data, and the boss is in breach.

I may be incorrect, but I'd be absolutely amazed if the courts viewed this case differently. Not recording data that SHOULD ordinarily be recorded, to bypass the provisions within the legislation would be looked upon very poorly, in my opinion. Similarly, relaying confidential information that was supplied orally to a third party BEFORE you record it would be frowned upon.

I think you're all getting too bogged down with your own literal interpretation of what constitutes recording of data to admit that the actions by OPs boss, at the very least, is contrary to the spirit of the legislation. At worst, it is a straight up breach of the employers' responsibilities and of the legislation.

MoonUnit75 · 09-06-2021 2:12pm

runawaybishop wrote: »

GDPR does not apply, what you have posted only confirms what I have said already. Oral information is not data and it has not been processed as per the definitions in the 1988 act or current GDPR legislation.

https://www.rpc.co.uk/snapshots/data-protection/data-regulation-and-oral-communications/

“data” means information in a form in which it can be processed; <- this is the definition of data.

The Scott vs LGBT Foundation case hinged on the definition of 'data' under the UK DPA. The judgment says what was passed to the GP could only be considered 'personal data' if it first met the specific definition of 'data' under the DPA. The judge said the information did not fall under the definition of data as laid out under the UK DPA.

The GDPR regulations do not define what 'data' is before it defines 'personal data'. There are several definitions of data, there is one used in computing which is similar to yours above, but data can also simply mean a set of facts, in any format.

Processing of personal data includes dissemination or making available according to the GDPR regulations. Broadcasting it at a staff meeting would meet any definition of 'dissemination'.

MoonUnit75 · 09-06-2021 4:04pm

Jim2007 wrote: »

What do you actually want to achieve here? You are seriously ill and need to concentrate of getting better, do you really think creating a hostile uncooperative work environment is going to help you along that path?

The damage is done and it can’t be undone. It was an incentive dumb mistake on the behalf of your employer put that is all. There is a very big difference between the armchair lawyers telling you your rights and putting a case together that can be sustained in a court of law. It takes commitment and energy that could be better spent in getting better.

There will be plenty of time for venting when you are back to full health and are better able to deal with it.

Maybe for some people, for others the unauthorised leaking of confidential health details to co-workers is a serious matter and feelings of powerlessness and loss of dignity is what makes their workplace unbearable.

The person who leaked this information should be held accountable, if that makes working conditions unbearably hostile then there's the makings of a constructive dismissal case.

09-06-2021 4:26pm

One thing that hasn't been mentioned yet, is that the boss may well have done it on purpose. Gossiping is, and has always been, used as a form of bullying in almost every job imaginable. I've seen people leave their jobs for less severe cases and be rewarded financially for their troubles.

Jim2007 · 09-06-2021 5:36pm

MoonUnit75 wrote: »

Maybe for some people, for others the unauthorised leaking of confidential health details to co-workers is a serious matter and feelings of powerlessness and loss of dignity is what makes their workplace unbearable.

The person who leaked this information should be held accountable, if that makes working conditions unbearably hostile then there's the makings of a constructive dismissal case.

If you are serious ill needing regular treatment the last think you need is to have to go into a hostile environment. The question facing the OP is just how much they want to put up with every day.

They can always go back later and vent. And the changes of a single event being sufficient to carry a case of constructive dismissal is very slim at best.

Calahonda52 · 09-06-2021 5:52pm

OP: whats the real issue with people knowing, is it an Irish thing?

People knowing means people can be there to support you, and a small minority may not.

I have had a recurrence of cancer, not clear yet if my celestial boarding pass is ready to print, but I have told everyone who needs to know.

I am also working on living life to the full and taking whatever treatment makes sense.

Live your life, get well, and let those who don't support you, including the village gossip, (whatever that entails) go and f**k themselves.
If you haven't done so already, do 30 minutes mindfulness or similar every day and clear your head of all this muck.

Get well, keep well and good luck

Dav010 · 09-06-2021 5:57pm

Calahonda52 wrote: »

OP: whats the real issue with people knowing, is it an Irish thing

I would suspect it is a confidentiality “thing” and not wanting your medical problems shared with others. Would that be considered an “Irish thing”, or would it be a basic human response?

09-06-2021 6:27pm

Dav010 wrote: »

e a basic human response?

or, basic human dignity

Employer broke my confidence

Comments