Possible discipline over Security worry !.

[stella1111]

Possible discipline over Security worry !.

 

Wondering if anyone can see the situation from a different perspective.

 

I moved to a different office from another public office to start a different job.

 

Whilst training last Week, my trainer helped me and sat with me whilst I completed a form that could be emailed to another outside organisation.

 

The organisation had a legal entitlement to receive this information. I did doubt this with my trainer but she just said send the email, so I reluctantly sent it.

 

Shortly after, I discovered that I had ticked the wrong box on the form, which then stopped a warning message from appearing. The message would have said ‘ post this data only as an email would be a security issue’. I think it is something to do with the type of data and that the internet is not trusted enough, even though some personal data can be emailed via the internet.

 

I recalled the message and phoned the organisation but they checked and said that the email had not been rec’d at their office. They doubted it was even sent, possibly due to the fact that I had added information to the subject line which is known to cause linking problems apparently.

 

I know security ignorance is not going to help me as I have responsibility here too and I do not blame others as I should have refused to follow her instructions,

 

However, I feel as though support has not been forthcoming and procedures have not been followed, not to mention my trainer who was actually training me how to complete and send this form. I feel that this supervisor was ignorant of the processes too and this has bounced on to me.

 

I spoke to my line manager but she said don’t worry, so nothing was reported. However, my trainer said ‘you pressed the button’.

 

I read up on security policy afterwards and my heart sank because it seems that this could fall under serious to gross misconduct, because even though I sent it to the correct people, I communicated the data under the wrong format ( email as opposed to post )

 

Even though it was an accident / error, partly due to training confusion I feel, my job could be on the line if it blows up. Everyone else seems unconcerned.

 

If anyone has their own feelings, please share.

 

Thanks very much

 

stella

[fkofilee]

Stella... Have you been asked to go in for a Disciplinary at this time?

[stella1111]

No fkofilee, at this time it seems to be brushed under the carpet. I sense that if I leave it, it will be by chance if it is picked up by a random audit or something like that.

 

thanks

 

stella

[unclebulgaria67]

Possible discipline over Security worry !.

 

Wondering if anyone can see the situation from a different perspective.

 

I moved to a different office from another public office to start a different job.

 

Whilst training last Week, my trainer helped me and sat with me whilst I completed a form that could be emailed to another outside organisation.

 

The organisation had a legal entitlement to receive this information. I did doubt this with my trainer but she just said send the email, so I reluctantly sent it.

 

Shortly after, I discovered that I had ticked the wrong box on the form, which then stopped a warning message from appearing. The message would have said ‘ post this data only as an email would be a security issue’. I think it is something to do with the type of data and that the internet is not trusted enough, even though some personal data can be emailed via the internet.

 

I recalled the message and phoned the organisation but they checked and said that the email had not been rec’d at their office. They doubted it was even sent, possibly due to the fact that I had added information to the subject line which is known to cause linking problems apparently.

 

I know security ignorance is not going to help me as I have responsibility here too and I do not blame others as I should have refused to follow her instructions,

 

However, I feel as though support has not been forthcoming and procedures have not been followed, not to mention my trainer who was actually training me how to complete and send this form. I feel that this supervisor was ignorant of the processes too and this has bounced on to me.

 

I spoke to my line manager but she said don’t worry, so nothing was reported. However, my trainer said ‘you pressed the button’.

 

I read up on security policy afterwards and my heart sank because it seems that this could fall under serious to gross misconduct, because even though I sent it to the correct people, I communicated the data under the wrong format ( email as opposed to post )

 

Even though it was an accident / error, partly due to training confusion I feel, my job could be on the line if it blows up. Everyone else seems unconcerned.

 

If anyone has their own feelings, please share.

 

Thanks very much

 

stella

 

Worrying too much. The trainer was responsible, because you were under instruction.

 

Suggest that you find out the companies security policy for the future.

 

When i have sent data in this way, it has been in an encrypted format and the person receiving had to have a password which was changed daily.

[stella1111]

Thanks unclebulgaria. Interesting insight. much appreciated. I did wonder if my 15 Years service would be viewed as adequate time to learn security. I did doubt this process which lead to the breach. I was under instruction as you say and I did not have any knowledge of this new procedure of emailing forms. I trusted my supervisor's instruction would be okay but I was wrong.

 

'I pressed the button'......... attititude which kind of makes me the centre of blame.

 

thanks, stella

[ericsbrother]

so an email got automatically deleted because it was seen as spam by the recipient mailbox.

This means that the event didnt really occur so no damage done.

Mind how you go.

[Mr.P]

I recalled the message and phoned the organisation but they checked and said that the email had not been rec’d at their office.

 

In future, do not rely on being able to recall emails. Not all recipients will have such a "feature" enabled in their email reader or even honour a recall request: One local company found out to their cost after emailing me some confidential information and then tried to recall the email....

[stella1111]

Thanks for your input

[stella1111]

I am worried and my mind is in over drive. I keep thinking about consequences. the finger is pointed at me because 'i pushed the button' and I should have known about security issues, which I do to a greater or lesser degree. I was however, just following the instructions by my trainer who ho said that it is okay to send this data by email and she said send the email. however, it was sent on my watch. the data was a customer address which is normally allowed by email without encryption but it was a special case client so it should have been posted. i keep thinking that the email might get intercepted by someone who is looking for this client but what are the odds of this happening by someone who just happend to hack into an email at the right time. All my trainer said was you know about secuity after 15 years and you pressed the button. thanks for listening and advcice...stella

[Emmzzi]

Stella, write yourself a note of what happened while it is fresh in your memory and then file it away. It'll be there if you need it. But your manager is telling you not to worry - so please don't!

[stella1111]

okay emmzzi i will do that. I keep thinking that next I will be blamed for not reporting the incident to the security incident body, even though i alerted my line manager to a potential mishap. Does that not make me negligent of not reporting an incident ?

[Emmzzi]

Does your organisation care much about that? Have you ever seen anyone be in trouble for it? What stopped you from reporting it when it happened?