A colleague found on our LAN all employee's resumes/CV. Is this a data breach?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
1
down vote

favorite












I work in an office in the UK with about 120 staff.
We all have access to the "public drive" which is a LAN for us to share work. There's also thing on there like pics from the Christmas party, etc. It's pretty big.



A colleague recently told me that he found a folder full of every employee's resume/CV. Some he didn't recognise, so they must be people who applied and didn't get a job. He also told me things about other people's previous work.
I'd also heard another colleague say that he once found his own interview feedback, with comments and everything.



I feel like this is a breech of privacy. Is it? I don't know if mine is on there because I cant find it and I don't want to ask and bring attention to it for others to read, but i would hate to see mine on there.



Does this breach data protection laws?



I should note that my line of work makes in necessary for my employees to know my phone number, though probably not my address. But what about the other bits of information. Fair enough its not personal data, but isn't it unfair to have this public?



Note: I'm not asking if the person who found this information committed a data breach, but if the company did by putting it on the public drive in the first place.






united-kingdom privacy







share|improve this question



















  • 1




    Address, personal phone number, emails, and employment history are all personal data and should NOT be shared. That folder should have, at least, access restrictions (and rejected candidates' CV should be deleted to avoid nightmares with GDPR). Inform IMMEDIATELY HR.
    – Adriano Repetti
    36 mins ago











  • "I feel like this is a breech of privacy. Is it?". Yes, a big one. "Does this breech data protection laws?". Depends on your jurisdiction. Its certainly a big GDPR breach.
    – Polygnome
    35 mins ago










  • Are comments/feedback also personal? Ive just found a spreadsheet with some current employers name on. Comments include "Came across enthusiastic. Did well on case study" etc. These look like internal comments. Not necessarily passed on to the candidate
    – OnlineUser02094
    25 mins ago










  • @OnlineUser02094 This is not personal information however should still be kept private from other employees
    – Twyxz
    21 mins ago










  • Potential information Security nightmare from what you described. On the way to work, so will answer when I have time
    – Anthony
    15 mins ago
















up vote
1
down vote

favorite












I work in an office in the UK with about 120 staff.
We all have access to the "public drive" which is a LAN for us to share work. There's also thing on there like pics from the Christmas party, etc. It's pretty big.



A colleague recently told me that he found a folder full of every employee's resume/CV. Some he didn't recognise, so they must be people who applied and didn't get a job. He also told me things about other people's previous work.
I'd also heard another colleague say that he once found his own interview feedback, with comments and everything.



I feel like this is a breech of privacy. Is it? I don't know if mine is on there because I cant find it and I don't want to ask and bring attention to it for others to read, but i would hate to see mine on there.



Does this breach data protection laws?



I should note that my line of work makes in necessary for my employees to know my phone number, though probably not my address. But what about the other bits of information. Fair enough its not personal data, but isn't it unfair to have this public?



Note: I'm not asking if the person who found this information committed a data breach, but if the company did by putting it on the public drive in the first place.






united-kingdom privacy







share|improve this question



















  • 1




    Address, personal phone number, emails, and employment history are all personal data and should NOT be shared. That folder should have, at least, access restrictions (and rejected candidates' CV should be deleted to avoid nightmares with GDPR). Inform IMMEDIATELY HR.
    – Adriano Repetti
    36 mins ago











  • "I feel like this is a breech of privacy. Is it?". Yes, a big one. "Does this breech data protection laws?". Depends on your jurisdiction. Its certainly a big GDPR breach.
    – Polygnome
    35 mins ago










  • Are comments/feedback also personal? Ive just found a spreadsheet with some current employers name on. Comments include "Came across enthusiastic. Did well on case study" etc. These look like internal comments. Not necessarily passed on to the candidate
    – OnlineUser02094
    25 mins ago










  • @OnlineUser02094 This is not personal information however should still be kept private from other employees
    – Twyxz
    21 mins ago










  • Potential information Security nightmare from what you described. On the way to work, so will answer when I have time
    – Anthony
    15 mins ago












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I work in an office in the UK with about 120 staff.
We all have access to the "public drive" which is a LAN for us to share work. There's also thing on there like pics from the Christmas party, etc. It's pretty big.



A colleague recently told me that he found a folder full of every employee's resume/CV. Some he didn't recognise, so they must be people who applied and didn't get a job. He also told me things about other people's previous work.
I'd also heard another colleague say that he once found his own interview feedback, with comments and everything.



I feel like this is a breech of privacy. Is it? I don't know if mine is on there because I cant find it and I don't want to ask and bring attention to it for others to read, but i would hate to see mine on there.



Does this breach data protection laws?



I should note that my line of work makes in necessary for my employees to know my phone number, though probably not my address. But what about the other bits of information. Fair enough its not personal data, but isn't it unfair to have this public?



Note: I'm not asking if the person who found this information committed a data breach, but if the company did by putting it on the public drive in the first place.






united-kingdom privacy







share|improve this question















I work in an office in the UK with about 120 staff.
We all have access to the "public drive" which is a LAN for us to share work. There's also thing on there like pics from the Christmas party, etc. It's pretty big.



A colleague recently told me that he found a folder full of every employee's resume/CV. Some he didn't recognise, so they must be people who applied and didn't get a job. He also told me things about other people's previous work.
I'd also heard another colleague say that he once found his own interview feedback, with comments and everything.



I feel like this is a breech of privacy. Is it? I don't know if mine is on there because I cant find it and I don't want to ask and bring attention to it for others to read, but i would hate to see mine on there.



Does this breach data protection laws?



I should note that my line of work makes in necessary for my employees to know my phone number, though probably not my address. But what about the other bits of information. Fair enough its not personal data, but isn't it unfair to have this public?



Note: I'm not asking if the person who found this information committed a data breach, but if the company did by putting it on the public drive in the first place.






united-kingdom privacy




united-kingdom privacy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 1 min ago









AdzzzUK

3,0983714




3,0983714










asked 44 mins ago









OnlineUser02094

1072




1072







  • 1




    Address, personal phone number, emails, and employment history are all personal data and should NOT be shared. That folder should have, at least, access restrictions (and rejected candidates' CV should be deleted to avoid nightmares with GDPR). Inform IMMEDIATELY HR.
    – Adriano Repetti
    36 mins ago











  • "I feel like this is a breech of privacy. Is it?". Yes, a big one. "Does this breech data protection laws?". Depends on your jurisdiction. Its certainly a big GDPR breach.
    – Polygnome
    35 mins ago










  • Are comments/feedback also personal? Ive just found a spreadsheet with some current employers name on. Comments include "Came across enthusiastic. Did well on case study" etc. These look like internal comments. Not necessarily passed on to the candidate
    – OnlineUser02094
    25 mins ago










  • @OnlineUser02094 This is not personal information however should still be kept private from other employees
    – Twyxz
    21 mins ago










  • Potential information Security nightmare from what you described. On the way to work, so will answer when I have time
    – Anthony
    15 mins ago












  • 1




    Address, personal phone number, emails, and employment history are all personal data and should NOT be shared. That folder should have, at least, access restrictions (and rejected candidates' CV should be deleted to avoid nightmares with GDPR). Inform IMMEDIATELY HR.
    – Adriano Repetti
    36 mins ago











  • "I feel like this is a breech of privacy. Is it?". Yes, a big one. "Does this breech data protection laws?". Depends on your jurisdiction. Its certainly a big GDPR breach.
    – Polygnome
    35 mins ago










  • Are comments/feedback also personal? Ive just found a spreadsheet with some current employers name on. Comments include "Came across enthusiastic. Did well on case study" etc. These look like internal comments. Not necessarily passed on to the candidate
    – OnlineUser02094
    25 mins ago










  • @OnlineUser02094 This is not personal information however should still be kept private from other employees
    – Twyxz
    21 mins ago










  • Potential information Security nightmare from what you described. On the way to work, so will answer when I have time
    – Anthony
    15 mins ago







1




1




Address, personal phone number, emails, and employment history are all personal data and should NOT be shared. That folder should have, at least, access restrictions (and rejected candidates' CV should be deleted to avoid nightmares with GDPR). Inform IMMEDIATELY HR.
– Adriano Repetti
36 mins ago





Address, personal phone number, emails, and employment history are all personal data and should NOT be shared. That folder should have, at least, access restrictions (and rejected candidates' CV should be deleted to avoid nightmares with GDPR). Inform IMMEDIATELY HR.
– Adriano Repetti
36 mins ago













"I feel like this is a breech of privacy. Is it?". Yes, a big one. "Does this breech data protection laws?". Depends on your jurisdiction. Its certainly a big GDPR breach.
– Polygnome
35 mins ago




"I feel like this is a breech of privacy. Is it?". Yes, a big one. "Does this breech data protection laws?". Depends on your jurisdiction. Its certainly a big GDPR breach.
– Polygnome
35 mins ago












Are comments/feedback also personal? Ive just found a spreadsheet with some current employers name on. Comments include "Came across enthusiastic. Did well on case study" etc. These look like internal comments. Not necessarily passed on to the candidate
– OnlineUser02094
25 mins ago




Are comments/feedback also personal? Ive just found a spreadsheet with some current employers name on. Comments include "Came across enthusiastic. Did well on case study" etc. These look like internal comments. Not necessarily passed on to the candidate
– OnlineUser02094
25 mins ago












@OnlineUser02094 This is not personal information however should still be kept private from other employees
– Twyxz
21 mins ago




@OnlineUser02094 This is not personal information however should still be kept private from other employees
– Twyxz
21 mins ago












Potential information Security nightmare from what you described. On the way to work, so will answer when I have time
– Anthony
15 mins ago




Potential information Security nightmare from what you described. On the way to work, so will answer when I have time
– Anthony
15 mins ago










1 Answer
1






active

oldest

votes

















up vote
1
down vote













As you are based in the UK this is a huge issue for your company especially with the new GDPR changes.



Any personal information should be protected including, Address, Phone Numbers and even any employment history.



Other employees should most definitely not be able to access personal comments, interview comments and especially not personal details that should be secure. Report this to your manager/HR straight away otherwise you're going to have a massive issue if any of this is released outside of the company...



As you mentioned you can see the comments/feedback on a spreadsheet. Although not personal... This could cause some other potential issues within the company e.g. bullying, complaints and just unnecessary discussion in general.






share|improve this answer




















  • Report to the IT team and the person responible for GDPR immediately, as IT will need to take steps to lock down access.
    – AdzzzUK
    just now










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "423"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f119332%2fa-colleague-found-on-our-lan-all-employees-resumes-cv-is-this-a-data-breach%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote













As you are based in the UK this is a huge issue for your company especially with the new GDPR changes.



Any personal information should be protected including, Address, Phone Numbers and even any employment history.



Other employees should most definitely not be able to access personal comments, interview comments and especially not personal details that should be secure. Report this to your manager/HR straight away otherwise you're going to have a massive issue if any of this is released outside of the company...



As you mentioned you can see the comments/feedback on a spreadsheet. Although not personal... This could cause some other potential issues within the company e.g. bullying, complaints and just unnecessary discussion in general.






share|improve this answer




















  • Report to the IT team and the person responible for GDPR immediately, as IT will need to take steps to lock down access.
    – AdzzzUK
    just now














up vote
1
down vote













As you are based in the UK this is a huge issue for your company especially with the new GDPR changes.



Any personal information should be protected including, Address, Phone Numbers and even any employment history.



Other employees should most definitely not be able to access personal comments, interview comments and especially not personal details that should be secure. Report this to your manager/HR straight away otherwise you're going to have a massive issue if any of this is released outside of the company...



As you mentioned you can see the comments/feedback on a spreadsheet. Although not personal... This could cause some other potential issues within the company e.g. bullying, complaints and just unnecessary discussion in general.






share|improve this answer




















  • Report to the IT team and the person responible for GDPR immediately, as IT will need to take steps to lock down access.
    – AdzzzUK
    just now












up vote
1
down vote










up vote
1
down vote









As you are based in the UK this is a huge issue for your company especially with the new GDPR changes.



Any personal information should be protected including, Address, Phone Numbers and even any employment history.



Other employees should most definitely not be able to access personal comments, interview comments and especially not personal details that should be secure. Report this to your manager/HR straight away otherwise you're going to have a massive issue if any of this is released outside of the company...



As you mentioned you can see the comments/feedback on a spreadsheet. Although not personal... This could cause some other potential issues within the company e.g. bullying, complaints and just unnecessary discussion in general.






share|improve this answer












As you are based in the UK this is a huge issue for your company especially with the new GDPR changes.



Any personal information should be protected including, Address, Phone Numbers and even any employment history.



Other employees should most definitely not be able to access personal comments, interview comments and especially not personal details that should be secure. Report this to your manager/HR straight away otherwise you're going to have a massive issue if any of this is released outside of the company...



As you mentioned you can see the comments/feedback on a spreadsheet. Although not personal... This could cause some other potential issues within the company e.g. bullying, complaints and just unnecessary discussion in general.







share|improve this answer












share|improve this answer



share|improve this answer










answered 13 mins ago









Twyxz

3,60931645




3,60931645











  • Report to the IT team and the person responible for GDPR immediately, as IT will need to take steps to lock down access.
    – AdzzzUK
    just now
















  • Report to the IT team and the person responible for GDPR immediately, as IT will need to take steps to lock down access.
    – AdzzzUK
    just now















Report to the IT team and the person responible for GDPR immediately, as IT will need to take steps to lock down access.
– AdzzzUK
just now




Report to the IT team and the person responible for GDPR immediately, as IT will need to take steps to lock down access.
– AdzzzUK
just now

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f119332%2fa-colleague-found-on-our-lan-all-employees-resumes-cv-is-this-a-data-breach%23new-answer', 'question_page');

);

Post as a guest
































































Comments

Post a Comment

Popular posts from this blog

What does second last employer means? [closed]

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote -3 down vote favorite Say, for example I have worked in the following companies, Company A => 2010 - 2011 Company B => 2011 - 2012 Company C => 2012 - Till Date Company D => Have offer Now assume Company D is asking to submit documents from my second last employer. So from the list of companies given, which company would be qualified as second last employer? software-industry employer share | improve this question asked Aug 10 '14 at 5:16 Rajaprabhu Aravindasamy 559 1 6 13 closed as off-topic by Jim G., jmort253 ♦ Aug 11 '14 at 1:58 This question appears to be off-topic. The users who voted to close gave this specific reason: "Questions seeking advice on company-specific regulations, agreements, or policies should be directed to your manager or HR department. Questions that address...
Read more

List of Gilmore Girls characters

Image
The season three cast—(Back row): Lane, Michel, Paris, Emily, Richard, Sookie, Miss Patty, Kirk; Front row: Jess, Luke, Lorelai, Rory, Dean This is a list of characters for the comedy-drama television series Gilmore Girls . Contents 1 Main characters 1.1 Lorelai Gilmore 1.2 Rory Gilmore 1.3 Sookie St. James 1.4 Lane Kim 1.5 Michel Gerard 1.6 Luke Danes 1.7 Emily Gilmore 1.8 Richard Gilmore 1.9 Paris Geller 1.10 Dean Forester 1.11 Jess Mariano 1.12 Kirk Gleason 1.13 Jason Stiles 1.14 Logan Huntzberger 2 Major recurring characters 2.1 Christopher Hayden 2.2 Jackson Belleville 2.3 Mrs. Kim 2.4 Tristin DuGray 2.5 Max Medina 2.6 Taylor Doose 2.7 Dave Rygalski 2.8 Marty 3 Recurring characters 3.1 Stars Hollow 3.2 Chilton 3.3 Yale 3.4 Other 4 Notable guest stars 5 Unseen characters 6 Notes 7 References Main characters Actor Character Appearances Season 1 Season 2 Season 3 Season 4 Season 5 Season 6 Season 7 A Year in the Life Lauren Graham Lorelai Gilmore...
Read more

One-line joke

A one-liner is a joke that is delivered in a single line. A good one-liner is said to be pithy - concise and meaningful. [1] Comedians and actors use this comedic method as part of their act, e.g. Jimmy Carr, Tommy Cooper, Rodney Dangerfield, Norm Macdonald, Ken Dodd, Stewart Francis, Zach Galifianakis, Mitch Hedberg, Anthony Jeselnik, Milton Jones, Shappi Khorsandi, Jay London, Mark Linn-Baker, Demetri Martin, Groucho Marx, Dan Mintz, Emo Philips, Tim Vine, Steven Wright and Henny Youngman and Arnold Schwarzenegger. [ citation needed ] Many fictional characters are also known to deliver one-liners, including James Bond, who usually includes pithy and laconic quips after disposing of a villain. [ citation needed ] Examples "A baby seal walks into a club." "A dyslexic man walks into a bra." (Anonymous) "There are three types of people, those who can count and those who can't." "Venison's dear, isn't it?" (Jimmy Carr) "An escala...
Read more