Help required with workplace discipline
- Thread starter omnomnom
- Start date
Thanks. My mind is completely made up in regard to leaving but im not going without a fight basically. As for being transparent, i have 100% and i have previously reduced the same person to tears when i was describing the issues i was facing.
Just printed my ambulance report. This should be a fun meeting
Last edited:
Hi OP,
I'm really sorry to hear you're going through all this - I've a lot of experience with my own MH demons and how it can impact work. I really hope things improve.
IANAL.
A few thoughts:
There are potentially GDPR implications if your boss didn't give explicit consent for their personal data to be shared. I would have asked my partner to message him from my phone, and just say something like "hey, this is omnomnom's partner, I'm messaging on his behalf because he's unable...". However, as there's a clear and legitimate interest for having shared the number I imagine it would be viewed as justified by a most. Also as this was a personal number freely shared, I doubt the company's privacy policy could reasonably be applied, but would depend on the policy itself. I would be astonished if anyone would pursue any sort of litigation along these lines given the context, and even less chance that they'd succeed. But, some places are petty as hell.
Is it relevant that you have evidence that your password was changed and your work data was shared - this would depend massively on their policies regarding acceptable/personal use. Article 8 of the ECHR specifically protects a person's right to "respect for his private and family life, his home and his correspondence", so if they logged into your computer account and you have evidence that they ended up in your personal e-mails, they've probably crossed a line. However, logging on to the account to find work related data which, generally speaking will be owned by the company, is probably fine.
It's quite reasonable not to follow absence procedures if you're unable due to a health condition - ACAS would tear this apart.
Telling work that you were admitted to hospital via ambulance and probably wouldn't be in the following day, but then showing up, does send mixed signals. Even though it came from a good place, someone will say something like "can't possibly have been that unwell" (even though this is obviously untrue). I've found it's quite important to set expectations as stick to them as far as possible. Also, documentation of everything will be essential.
You really need ACAS' help here. My impression is that they're trying to manage you out.
All the best, OP.
I'm really sorry to hear you're going through all this - I've a lot of experience with my own MH demons and how it can impact work. I really hope things improve.
IANAL.
A few thoughts:
There are potentially GDPR implications if your boss didn't give explicit consent for their personal data to be shared. I would have asked my partner to message him from my phone, and just say something like "hey, this is omnomnom's partner, I'm messaging on his behalf because he's unable...". However, as there's a clear and legitimate interest for having shared the number I imagine it would be viewed as justified by a most. Also as this was a personal number freely shared, I doubt the company's privacy policy could reasonably be applied, but would depend on the policy itself. I would be astonished if anyone would pursue any sort of litigation along these lines given the context, and even less chance that they'd succeed. But, some places are petty as hell.
Is it relevant that you have evidence that your password was changed and your work data was shared - this would depend massively on their policies regarding acceptable/personal use. Article 8 of the ECHR specifically protects a person's right to "respect for his private and family life, his home and his correspondence", so if they logged into your computer account and you have evidence that they ended up in your personal e-mails, they've probably crossed a line. However, logging on to the account to find work related data which, generally speaking will be owned by the company, is probably fine.
It's quite reasonable not to follow absence procedures if you're unable due to a health condition - ACAS would tear this apart.
Telling work that you were admitted to hospital via ambulance and probably wouldn't be in the following day, but then showing up, does send mixed signals. Even though it came from a good place, someone will say something like "can't possibly have been that unwell" (even though this is obviously untrue). I've found it's quite important to set expectations as stick to them as far as possible. Also, documentation of everything will be essential.
You really need ACAS' help here. My impression is that they're trying to manage you out.
All the best, OP.
Re: that point - worth noting that you can check this easily in Gmail - scroll to the bottom right and click on "details":
FWIW I wouldn't personally log into anything personal on a work computer tbh. (and in some cases, I'd avoid using the network too - some companies using enterprise security software will spoof security certificates).
It is entirely reasonable for an organisation to reset your password* and allow someone else to access your device in your absence (although does suggest they have some gaping holes in their business continuity if that is actually required). This however should be audited, and you should reset your password as soon as you are back in the office.
Rule number one of work IT equipment = don't keep personal stuff on work IT equipment (or use it for personal stuff), it's just all-round a terrible idea for both parties.
*If they gave access to this other person your original password, then that is a) a whole different matter, and b) rings massive alarm bells for their security if they are storing passwords in a retrievable manner!
My partner used my phone as she knew who my manager was. I was in absolutely no fit state so she did what she thought was the right thing to do.
Thank you everyone for the responses, they've been very helpful. I'll just be upfront, honest and whatever happens, happens.
If they’re a cusing you of breaking GDPR then you want to seek legal advice and have them produce firm evidence.
Soldato
- Joined
- 4 Aug 2007
- Posts
- 21,997
- Location
- Wilds of suffolk
Is your phone personal or company?
All phones in question are personal phones. no one has a "business" phone.
I will.
Honestly im well underpaid for what i do so im taking it as a positive and a wee kick up the arse, id just rather leave on my terms.
Soldato
- Joined
- 4 Aug 2007
- Posts
- 21,997
- Location
- Wilds of suffolk
So they want to "do you" under GDPR for personal phone messages from one phone to another personal phone.
Get the policy, it may mention usage of personal devices must not be used for company business such as accessing networks etc, but that is a hard stretch in this case.
Household activity is excluded from GDPR and I would say that is what you were doing not undertaking business activity.
Also interesting point of view. As you did not send the message you could argue that you had no idea that your GF was going to send the message, as its your personal phone and she has access to it, she took it upon herself to get the contact details for your manager which your manager had given to you previously.
Seeing as the contacted number was a private one you were within your right to hold that and its outside the companies GDPR responsibility which is to do with business information or others private information you can access via the business.
Why did your manager give you their private number?
Last edited:
Yup, said earlier it's nonsense as it's personal device to personal device and using private (not company) info given between people and stored on said personal devices.
I guess exceptions might be if you had access to personal data via your role at the company, like HR having a load of personal addresses/phone numbers etc.. but even then there might be good reason - like say a new manager doesn't have the personal contact info of someone who has gone AWOL they might want HR to pass on details so they can give them a call.
On the flip side if you use a mate in HR to get the personal phone number for the cute new girl on the reception desk or to find other personal info about her then that's clearly abusing company data.
I'd strongly disagree with that, it's not reasonable at all, you've mentioned storing the passwords but even just resetting and then using his credentials without revealing the specific password is also really bad practice, it completely undermines security/audit details.
It's completely unnecessary - designated IT people should have admin access without needing to log in as another individual/use their credentials, ditto to accessing OP or any employee's emails - I can't think of anything that should require logging in as a given regular user that isn't yourself save for bad/sloppy practices. Standard in some places for a manager to be sent all the emails sent to the email address of an employee who has left (might even happen from the date the employee hands in their notice) - they don't, however, reply as that individual or use that individuals credentials in any way, their reply is sent from their own address, they log into their own email account etc.. "Hey [client] Brian has left the company but I see this still needs attention..."
I guess some industries get sloppy perhaps but this sort of thing is pretty important in various places - you want to know who made a code change or who accesses a particular system, for people working with banking systems, for example, you might have regular security checks/audits where someone will call and ask why you logged in on X date and made Y change - if user credentials are being used by others then that's a huge issue for any audit as the whole process is completely undermined. So no one should be given permission to log in and appear as another user - there's just no reasonable grounds to do it.
I guess exceptions might be if you had access to personal data via your role at the company, like HR having a load of personal addresses/phone numbers etc.. but even then there might be good reason - like say a new manager doesn't have the personal contact info of someone who has gone AWOL they might want HR to pass on details so they can give them a call.
On the flip side if you use a mate in HR to get the personal phone number for the cute new girl on the reception desk or to find other personal info about her then that's clearly abusing company data.
I'd strongly disagree with that, it's not reasonable at all, you've mentioned storing the passwords but even just resetting and then using his credentials without revealing the specific password is also really bad practice, it completely undermines security/audit details.
It's completely unnecessary - designated IT people should have admin access without needing to log in as another individual/use their credentials, ditto to accessing OP or any employee's emails - I can't think of anything that should require logging in as a given regular user that isn't yourself save for bad/sloppy practices. Standard in some places for a manager to be sent all the emails sent to the email address of an employee who has left (might even happen from the date the employee hands in their notice) - they don't, however, reply as that individual or use that individuals credentials in any way, their reply is sent from their own address, they log into their own email account etc.. "Hey [client] Brian has left the company but I see this still needs attention..."
I guess some industries get sloppy perhaps but this sort of thing is pretty important in various places - you want to know who made a code change or who accesses a particular system, for people working with banking systems, for example, you might have regular security checks/audits where someone will call and ask why you logged in on X date and made Y change - if user credentials are being used by others then that's a huge issue for any audit as the whole process is completely undermined. So no one should be given permission to log in and appear as another user - there's just no reasonable grounds to do it.
Last edited:
No - I don't think you quite get what I'm saying. GDPR and data privacy is a law. Seek legal advice to ensure that you and they aren't accusing you of breaking the law.
Facilitating a data breech could have consequences on your future employment and other parts of your life. Therefore go through the process of discussing with your legal and have them talk to their legal. If they don't have a pot to widdle in they're going to back down and have a serious issue of a false accusation that is likely to cost the HR director and other involved parties their jobs..
Last edited:
This. Any reasonable firm would wish you well and don’t hesitate if you need anything considering the circumstances. As others have said, they want out and so will manage it as such.
Soldato
- Joined
- 22 Apr 2009
- Posts
- 3,749
- Location
- North-West
Not legal…
GDPR does not apply to a person but to a company. If they think you have broke GDPR under them….. then it is themselves that should get fined.
GDPR does not apply to a person but to a company. If they think you have broke GDPR under them….. then it is themselves that should get fined.
Is there a tagline for this i can maybe write down? I appreciate you have but im sure you know what i mean.
Edit
Sorry i mean from a legal website. I have written this in my notes though
Last edited:
Thank you, i didnt think of it as a law break so its certainly something ill mention.
Well, there wasnt a specific reason but its used to call in sick etc.