 Re: Company Breaking Confidentiallity
Staff sickness records are subject to the Data Protection Act, and are classified as sensitive personal data. The Act requires that such information is held securely and may only be accessed by authorised persons. It may not be disclosed without your permission apart from in certain circumstances, for example in order to process sick pay, or to report sickness or injury where obliged to for Health & Safety purposes. It should not become common knowledge amongst your friend's colleagues.
Although it would be impossible to prove that your friend has 'suffered' as a consequence of the company's breach of confidence and therefore at this stage has few grounds for compensation, she should certainly submit a formal written grievance expressing her utter indignation and serious concern about sensitive personal information becoming a talking point amongst her colleagues. Leave them in no doubt that she considers this a serios breach of the Data Protection Act and that the Information Commissioner's guidance on Employment Practices is clear about the obligation of businesses with regard to sickness records and sensitive data. She should demand an investigation and assurances that measures are being taken to prevent further discussion as this matter is adding to her stress and wellbeing. Should action not be taken then she will take the matter further.
__________________
--------------------------------------------------------------------------
Any advice given is done so on the assumption that recipients will also take professional advice where appropriate.
If I have been helpful in any way - please feel free to click on the scales! | 
