Tweet
I sent a SAR on behalf of/with a member of mine (I`m a Union Rep). We work at an NHS Trust and the member potentially has a case for harassment/bullying. We wanted to see what emails have been sent regarding the member between one particular member of staff and the line manager and to cover all bases, the other managers above and deputy managers. The member has had an issue previously with the line manager discussing staff and raised a concern when having supervision with a senior nurse, though typicality nothing came of it, as in the NHS all managers support and protect each other.
The SAR has been returned after a long wait but we are horrified that they have processed it by emailing all the managers involved and asking them to forward their emails. The expectation was that they would use a search tool involving the IT dept. So the line manager who this member has complained about before, and who may be complicit in the potential harassment/bullying now knows what we have done, making it very difficult for my member. The manager is also very loose tongued and will undoubtedly not keep this information within her office.
The ICO seem to agree that they have infringed her rights of privacy by letting all the people named in the SAR (except1) know a SAR was being done and they did not need to give that information to all those staff. They advise a concern to be written, which I am just putting together now and potentially a complaint to them (ICO). I am also asking for another trawl through IT this time, as one email from the perpetrator has apparently no answer from the said line manager, which seems unbelievable. We suspect that not all emails have been forwarded.
The harm is done, as far as my member is concerned and she is very upset. Considering I advised her and told her this was all confidential, I feel responsible for other staff where we work now knowing about this private matter.
However, I suspect they may say (the Information Governance Dept) that those staff have a right to know their emails are being released as a way of justifying what they have done. It has been difficult to find anything conclusive online about this - any help appreciated.
The SAR has been returned after a long wait but we are horrified that they have processed it by emailing all the managers involved and asking them to forward their emails. The expectation was that they would use a search tool involving the IT dept. So the line manager who this member has complained about before, and who may be complicit in the potential harassment/bullying now knows what we have done, making it very difficult for my member. The manager is also very loose tongued and will undoubtedly not keep this information within her office.
The ICO seem to agree that they have infringed her rights of privacy by letting all the people named in the SAR (except1) know a SAR was being done and they did not need to give that information to all those staff. They advise a concern to be written, which I am just putting together now and potentially a complaint to them (ICO). I am also asking for another trawl through IT this time, as one email from the perpetrator has apparently no answer from the said line manager, which seems unbelievable. We suspect that not all emails have been forwarded.
The harm is done, as far as my member is concerned and she is very upset. Considering I advised her and told her this was all confidential, I feel responsible for other staff where we work now knowing about this private matter.
However, I suspect they may say (the Information Governance Dept) that those staff have a right to know their emails are being released as a way of justifying what they have done. It has been difficult to find anything conclusive online about this - any help appreciated.
Comment