• Welcome to the new B.I.R.D. Forum. Please be sure to read the "New Member / New Registered ? Please Read" thread in the Coffee Shop. This contains some important information. To become a full member ( £5.90 a year ) simply click on your user name near the top on the right I hope you enjoy the new site ................ Jaws ( John )

GDPR

johnboy

rather fond of a cream bun
Club Sponsor
Dear lads and lasses, does handing out someones personal email address constitute a GDPR breach? My former employer handed out my personal email address which I had not given permission to do so, to a current employee and he has then sent it on to two others.
 

Duck n Dive

Rebel without a clue ...
Club Sponsor
Assuming it's your home personal email and not a work personal email.

Affirm

In my humble opinion.
 

johnboy

rather fond of a cream bun
Club Sponsor
Perhaps for clarity I should explain a bit further. Last week was my last day at work (made redundant), I was placed on garden leave with strict instructions not to contact anyone at work or go into the office etc. so I wiped both my phone and laptop, HR have my personal details, email, home address, phone number etc. so they could arrange collection of my laptop and phone, so HR should have liaised with me for collection but instead they handed out my details to our logistics team to arrange collection of said stuff. I am very angry and would if possible like to take them to the fu#%ing cleaners, but is this enough of a breach to do so.
 

Squag1

Can't remember....
Club Sponsor
So did they collect them and how do you know they are the authorised person.

I know a guy who handed over a new car on the basis of some sort of documentation which proved to be false.
They did eventually get the car back.
 

andyBeaker

Moderator
Staff member
Moderator
Club Sponsor
Perhaps for clarity I should explain a bit further. Last week was my last day at work (made redundant), I was placed on garden leave with strict instructions not to contact anyone at work or go into the office etc. so I wiped both my phone and laptop, HR have my personal details, email, home address, phone number etc. so they could arrange collection of my laptop and phone, so HR should have liaised with me for collection but instead they handed out my details to our logistics team to arrange collection of said stuff. I am very angry and would if possible like to take them to the fu#%ing cleaners, but is this enough of a breach to do so.
If their logistics team is part of the same organisation their action doesn’t seem unreasonable to me. They needed to contact you to take possession of their property (not unreasonable) and as such they needed to either email, phone or knock on your door.

HOWEVER,the subject is a legal minefield, and there is also a possibility of a Data Protection Act breach depending on how the organisation is structured. And whatever, if any, reference there is in respect of use of personal information in your contract.

My personal view is that assuming there is no data protection breach is that the action taken appears entirely reasonable, not the best starting point for any legal action Even if technically an offence/breach has taken place.

If you are still on gardening leave you are still an employee, that may well affect how they can use information.

For,what it’s worth I would vent my spleen if it makes you feel better and then move on.
 

Duck n Dive

Rebel without a clue ...
Club Sponsor
Hmmmm, my view is that they can use and share your information internally in a reasonable way.

They have to ensure that where they (HR) share your information with other people then it it is appropriate, limited to people/timescale which is reasonable and necessary.
In the circumstances you've described it wouls seem to me they've been reasonable.

Even had they breached the DP regs it's unlikely anything would actually happen to them. Sanctions for breach of the DPRs seem to be based on how private/personal the breach is (bank account information for instance) and the scale of the breach. Only if thousands are affected does there seem to be more than a "don't be naughty a again"
 

Cougar377

Express elevator to hell
Staff member
Moderator
Club Sponsor
As Andy said, if the logistics team are part of the same company/organisation then their passing on of your details is covered by legitimate business needs. Even if it's an external company then the scenario that you described would still be classed as legitimate usage of your details.

Companies who use third parties to deliver are doing it all the time, but technically they should seek authorisation to pass your details on to a delivery company working on their behalf. Most will have something buried in the small print to cover themselves, but they rarely draw your attention to it sufficiently and that is a breech of GDPR in itself.

Once you leave the company , though, it becomes a whole different kettle of rhubarb. But.... GDPR is more or less unworkable when applied to employment scenarios. Business need is a massive catch all that can be used for all sorts of legitimate and illegal activities.

Prosecutions for breech of GDPR relating to indiviuals are rare, it's mainly where a large amount of personal detail is being used in contravention of the rules that you will see prosecutions. Even then, it's amazing how many national, multi-national and governmental organisations get off so lighty.
 

derek kelly

The Deli lama
Club Sponsor
I don’t think they have broken any rules, check your contract, also have a look at RIPA & see if there’s anything there that covers it.
 

DEG5Y

Been there, and had one
Club Sponsor
As said above, vent, and suggest that you will be seeking advice regarding their breach.
(which I believe it is, unless the people the info was past on to come under some form of information secrets act)
See what the reaction is, you maybe able to judge whether there was any wrong doing from how they reply.

Just don't tell them the advice came from B.I.R.D as its reputation goes before it!
 

Cougar377

Express elevator to hell
Staff member
Moderator
Club Sponsor
As said above, vent, and suggest that you will be seeking advice regarding their breach.
(which I believe it is, unless the people the info was past on to come under some form of information secrets act)
See what the reaction is, you maybe able to judge whether there was any wrong doing from how they reply.

Just don't tell them the advice came from B.I.R.D as its reputation goes before it!
Everything I know I learned from BIRD. o_O
 
Top