can you get fired for accidentally sending confidential information

The awareness that anything sent in your work email is subject to FOIA and open records requests really varies. If you cant keep a secret, this is not a field you should be in. To be clear, you were fired for admittedly breaking confidentiality not because of your coworker. Draft your UI forms and pre-write your objection to his unemployment on the grounds of "good cause" firing for willful misconduct- Then after all that you can fire him. Im sure the letter writer has plenty of that to deal with already. Or when she builds a pattern of sharing harmless information until suddenly it isnt harmless? Email DLP: A key investment management tool. Yes, this is the way to do it: Friend, I just got the best news at work, I am so excited! Yes, if you're sending a mass email, BCC makes sure no-one else sees each other's emails and therefore reduces the risk of a breach. I used to work in a one-industry town. But at that very moment, I was in a personal email back-and-forth with another female coworker. Its ridiculous how much a speculator can get from very little information, and this is why keeping anything secret until it is announced is important. I can imagine all kinds of things that wouldnt be that exciting to the world but that I would still want to tell a friend. Im also a public affairs officer for a government agency- one that almost exclusively deals with highly classified information. What you did was misconduct. There could be a situation where it might be the journalists job to share the information LW thought they were telling to just a friend. Your coworker was not at all in the wrong here, OP. Yeah, one of my former coworkers, who was allegedly fired from our company for bringing a gun to work, found another job a couple months later in our same industry. I thoughtlessly mentioned an embargoed announcement to a longtime friend in journalism before it was public. The person whos emailed may have inadvertently caused a data breach, so it could be important you get in touch and let them know. At the same time, though, its a program the average American would likely never have heard of and would give less than a crap about. Are there any reasons why the coworker couldnt be upfront with what had to be done ? Of course. Challenge them directly and be sure that when they say it's okay to start at 9.30am, make sure they actually mean it, or don't do it. End of story. I think it most likely would be very boring, but some stuff like the jobs report a few days early would be very interesting to unscrupulous investors. Thats the real clincher here for me) and on a personal level with management your position is one of trust and you violated the basis of your work. If you told, you breached confidentiality, no matter what the other people did. I can remember almost exactly what I said: It was wrong of me to put that information out. I get why maintaining confidentiality is important, and I understand why the OP was wrong in this particular situation, but balance is also needed. The OP was not entitled to be making calls on who outside the org could be trusted with this information. Regardless of what word you use when you disclose what happened, understanding that difference, owning up to it, and showing how you've changed as a result is your best hope of gaining future employment. If you break certain unspoken rules, you can lose your job or ruin your career. Passing it off as a mistake, or trying to portray ignorance (in the sense of saying "oh, I didn't realize it was wrong when I did it") is just going to make it sound like you don't bother understanding or following policies. +1 on the choice of language and framing. Some projects you could talk about with a trusted friend as long as you didnt get specific, but shouldnt announce on twitter. I just want to remind people that it happened. You added nuance that I hadnt thought about. It can depend on what mechanisms are in place to protect the content of the email, who is sending the email, who it is being sent to, the content of the email, and whether the subject of the HIPAA information has provided their written authorization for unsecured PHI to be . According to Tessian research, over half (58%) of employees say they've sent an email to the wrong person. The HIPAA Rules require all accidental HIPAA violations, security incidents, and breaches of unsecured PHI to be reported to the covered entity within 60 days of discovery - although the covered entity should be notified as soon as possible and notification should not be unnecessarily delayed. Thats the very last reporting step for something illegal/dangerous. It may be unfair to assume a journalist is cutthroat and would kill for a lead, but its also nave to assume they wouldnt let anything slip to the exact wrong person. No, no, no, no, no. I recently saw a movie in pre-screening thats being pushed to be a blockbuster. You did a dumb, impulsive thing and when you took time to consider it, you did the right thing. Im not sure whether this is something they can move on from or not, but they absolutely need to get themselves out of the mindset that their coworker ratted on them, because thinking that reporting things like that is tattling and childish is how corruption grows. Contact the unintended recipient It's a good idea to contact the unintended recipient as soon as you realize the error. Just wanted to point out that OP said they worked in the government, so while yours might be the public understanding of confidential, it wouldnt apply to anything their job considered confidential. And if I tell anyone, including a coworker ,that I processed said claim, my butt could very well get in a lot of trouble. Confidentiality, especially in government, is no joke and should be taken very seriously. I dont mean to sound harsh but you really need to break out of this frame of mind. This is to prevent LW from trying to destroy any evidence. Accidents happen inadvertently but this is not the case here. Even though I was only suspended for two weeks, it hurt so, so much. As someone who practices public relations, calling this victimless gives me a lot of anxiety. Its also possible that she got caught in a broader crackdown on leaks and thus wasnt given a second chance when she otherwise might have been. I wish I lived in your country. What video game is Charlie playing in Poker Face S01E07? Where the investigation uncovers evidence of divulging confidential information, then the employer should take formal action. I work in communications for a large organization and I see this as a trust issue with leadership. In that case its not so relevant that there was a misunderstanding. Its a big difference if you sit together at a bar, your friend mentions chocolate teapots and you say oh, this morning I was asked to design a llama-themed one before you realize that you really shouldnt have said that. A terse to non-existent IT policy or one that's full of unexplained jargon can work against a company. (And thats before you tack on that LW thought it wasnt SO bad because he told Journalist Jason, who can keep a secret, as opposed to Reporter Robert, whos a real sieve.). OP notes that she is a government employee. Ohhhh come on. We dont even know where the LW is; Alison has gotten letters from outside of the United States before. You were wrapped up in a project and yes you messed up but no you didn't mean to. If the email involves sensitive information, this could be a serious problem for the people involved. RIGHT NOW it is totally privileged information and it needs to be treated that way. Has 90% of ice around Antarctica disappeared in less than a decade? As a communicator, youre likely to be privy to confidential information on a regular basis during the course of your career, and if that information leaks for any reason, it could have serious repercussions for the organization especially if its a government body. If its a marketing message, spam, or something that looks entirely unimportant simply delete and move on. Not saying you did this! Just a bad situation. The only thing an employer may not do is make employment decisions based upon you being a member of a protected class. They have absolutely no obligation to keep secrets for government agencies or private companies. We got walked through several juicy gossip or personal information scenarios during our orientation in an interactive way, so we could experience the kind of decision-making they wanted, and it was much more memorable. A further 2 years can be added onto the sentence for aggravated identity theft. In addition to Alisons script, I think it also reflects well on you that you reported what you had done. how else could you have met that need?) I think its also something to do with the fact that if you tell a journalist something newsworthy, youre not just talking, youre offering a thing of (potential) value, which is an entirely different action from sharing news with a friend. Copyright 2007 - 2023 Ask A Manager. Im thinking of the Elizabeth who went on a 20-email rage about being called Liz, or even the old 1970s memos from the Tiger Oil CEO that found new viral life in the digital age. I tell my team that if it leaks from us, they cannot work here. YOU know you wouldnt do it again, but nobody else can really know that. Which is not how I would handle things now, but I was a lot younger and in a bad place in my personal life, so. obviously i cant know that for sure though. She did her job. That OP knew it was wrong and felt guilty about it is a sign of strength. But also to say that when you work with confidential info, the impulse to share is a common one, and managing it is something you need to be on top of from every angle. Its going to be a hurdle. Thats totally true, and when I worked for state government release of confidential information would have been grounds for immediate termination, but Alison is the only one who calls it confidential, OP calls it non-public. While it is possible the line could be actively tapped/monitored by someone else, even if it was an unsecured line it would be reasonable to assume the home phone number on file for GSA's dad would lead to the dad. I was working on some client confidential information on my client issued laptop and I emailed this info to my personal mailbox as I wanted to continue doing work on my personal laptop; I couldn't take my work laptop away whilst on extended leave overseas. We go through training every 6 months, that we should NOT to tell the coworker or customer that we will need to report them. Policy change that is a big deal to staff that works on it, but very in the weeds for the general public (regulation is going to be changed in a way that is technically important but at most a medium-sized deal), Fairly real examples that would be much bigger deals: You are almost certainly an at-will employee so you can be discharged at anytime and for any reason or even no reason at all. In a roundabout way, they somewhat did you a kindness by firing you. You want to minimize this, and thats natural. You can do this, if you keep working hard on yourself. Don't be me, is what I'm saying I guess! Im glad youve learned from your mistake, and I really hope you take this experience to heart as you continue your communications career. ); Im also thinking of someone I know whose work depends on his being able to drive who got a DUI last year, and someone who essentially had a full emotional breakdown in a workplace I was in when I was a lot younger, who ended up under her desk sobbing and throwing things). You did wrong, fessed up, and got fired anyway. Once its out, you have no control over it. I doubt it was the plan to storm Area 51. This. If nothing exculpatory came out in that meeting then maybe firing was the appropriate response. How do I tell potential future employers why I got fired and have them still want to hire me? How does this make it any better or worse..? That may not be the right wordbut Im having trouble finding the right one. Im still pretty upset that I had no second chance, but I suppose I just lost their trust. I imagine theres a section in the manual and training (possibly annually) about the great responsibility they bear around confidentiality and how people will try to scam them into breaching security, yet OP does not appreciate the weight of this. Im just explaining that the information was likely a non-public record and not a confidential record. It's a good idea to own it and let your management know. As easily as one of them knowing OP uses Slack to contact reporters and assuming I told a journalist friend or I told Rain (who they know is a journalist, possibly on that channel), anything but I texted a (journalist) friend meant OP went the usual Slack route. Right. I just think it serves OP to choose a more benign explanation because it will help OP deal with the fall out of the situation going forward. Thats pretty ratty behavior. Excitedly texting confidential, FOUO information to a friend who happens to be a journalist, unconscious of the optics and real potential harm? Im still learning Slack, so maybe being naive. You dont get a warning for things like that. This is so true. (And yes, the records request would come through the custodian of records, but the point of my second paragraph is that non-public information does not have special protections like confidential information and that the general public has a right to access that information as soon as it is available, and not just when the agency finds it convenient to send out a press release.). If the answer is Yes then say that. Is there a solution to add special characters from software and how to do it. It could be that she did (and I think no employer should ever fire anyone without hearing their version of the story) but the employer still thought its bad enough that they need to fire OP. Oh yeah, my response wasnt to you it was just to continue what Alanna said. Maybe she had to report it for her job (as some people are speculating) but even still, its okay to be annoyed at someone even if its not 100% logical. The fact is, its just not their secret to share. In this situation, I reported myself is simply false, given OPs expectation that her mentor wouldnt pass along what she knew to anyone else. Yeah, this is a big part of it. Second chances arent a foregone conclusion in any aspect of life or work; your expectation that there should have been one at all suggests a level of entitlement that needs to be examined. If there was no record, then there is no possible sanction under FOIA or sunshine law (because that only pertains to records). Its not great, but some breaches really are that serious, and employers cant always be like the library giving amnesty for late fees if people bring the books back. But I dont think this applies in any case since it was on her personal cell. When they call for a reference, many employers will absolutely say if you were fired or laid off, and they will give detailed references. you can include that in there too, not as a way to cast doubt on their decision but as a way to indicate this was a fluke, not a pattern of bad judgment. If I were your coworker I would have done the exact same thing. Per my story above, when I made the mistake that I was fired for, I did take responsibility at the time, and they fired me anyway. The mistake was breaking company policy not that they announced to a coworker they broke company policy. FIFTY?! I hope you mean it when you say you understand the magnitude of this mistake and why you were fired for it. Back in the dinosaur era (early 80s) the directors secretary was the only one tasked with typing up yearly evaluations on high-level staff. I agree that you can learn how to share without breaching confidentiality. Letter writer: If youre still dealing with this emotionally, focus on the facts. Im sorry but it would definitely be a good idea to recognise that this is a really big deal and learn from it. How to handle a hobby that makes income in US. One of my favorite shows had a plotline about a sibling not liking someone not breaking doctor confidentiality. The co-worker absolutely had a responsibility to bring this information forward. I dont recall that Lily Rowan ever had a job. Thats how a lot of people get found out in the end, it doesnt just stop with telling that one friend. January 31, 2022 . Oh, thats a risky tack for OP to take if they want to stay in their field. Since that didnt happen Im not surprised you werent given a second chance. Thats a good friend but you put her in a bad position. The above divulged details to a journalist about allocation and resources they should not know about. This includes understanding what you did wrong and explaining how you might have approached this in future (hint: ask boss, transfer via encrypted USB if necessary and allowed. Possible scripting adjustment: I mistakenly shared some non-public information with a friend outside the agency before it was officially released to the public. The OP would be better off to own up to her mistake and her mistaken thinking in saying/writing/texting the information, say what she learned from it, say how she would plan to deal with a similar situation about exciting confidential information if this ever happens again, and conclude by saying that it was 100% her own fault, that she doesnt blame the organization, the manager, or her coworker, that she understands that she put her coworker in a horrible position, and that she will NEVER do anything like that EVER again. The financial firm I worked for had mandatory quarterly compliance meetings with examples of Dont Be This Guy Because He Doesnt Work Here Anymore. A senior UK diplomat has resigned over the matter. It may be unfair to assume a journalist is cutthroat and would kill for a lead. And then THAT person got so excited that they just had to tell someone Each person thinks theyre only telling one other person, and that they can trust that person. We let him go for incredibly poor judgmentlike putting me as a reference, for example.. (Im not from the US, and not in government) If I were in OPs place, I would also be upset and feel betrayed. Ramp up your privacy settings across all accounts. Submitting a contact form, sending a text message, making a phone call, or leaving a voicemail does not create an attorney-client relationship. If its the government, theyd be defending Area 51 unless its a false flag operation, and the point is for the invasion to occur, but show nothing suspicious, because the government already relocated all the aliens! With regards to getting a new job within the software engineering/analytics/data science field, I wouldn't lie on application form and in interviews if asked why I left my old job. A good . I had the same thoughtthat was very unwise. I am assuming you had a clearance of at least Secret. I would have ratted you out too. I just wasn't thinking at the moment I sent the information. But thats where having friends in the same workplace comes inyou can expend the impulse by gushing to them and then zip your lips once you leave the building. If you hadnt told your co-worker, then they could not have ratted you out. I had friends who would jokingly-semi-serious ask me if I was poking around their accounts and such while I was working there and I would deadpan look at them and say your finances and personal information isnt interesting enough to lose my job over and then change the subject. By clicking Accept all cookies, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. You might not immediately get the same job you had before and might have to accept something more junior but be clear in your communications and you'll get there. But given the kind of convo LW describes.while the LW really should not have been surprised they got reported and then fired, and does seem to be downplaying the severity, I wonder if something about the convo led them to believe it was somehow less serious than the mentor clearly understood it to be, and mentor didnt seem to do anything to help the LW understand how big a deal this is, which is kind of a bummer. To me, her wrong doesnt justify her mentor going behind her back. +10. I used to be a journalist, I have lots of friends who are journalists and I never tell them anything that I shouldnt, even the ones I really trust. Don't worry, you're still qualified to be Secretary of State. I totally get how it can be really exciting to hear about cool things, and the impulse to tell the people close to you. OP, I can understand why you would want to talk to someone who was mentoring you about something like this, but when you tell someone you work with that you committed a pretty serious breach of duty and sharing nonpublic information is pretty much always a serious breach!! This was actually a very kind way to get this point across. (the confessional? Im a publicist. I am a govt worker in NY. In this case you will get a second chance it will just be with another employer. you get to a point where you just really really need to share. *(assuming that you did so)* She covers a totally different subject area so it never even crossed my mind that her career would be an additional conflict. It also protects the coworker from any immediate threats or retribution by LW. But there was no way we were actually going to get the contract now if they didnt. There are different levels of confidentiality for different circumstances. Every bit of what Ive said is probably hearsay. quite a lot of people are going to feel as though youre making them an accomplice in your bad behavior. If you are facing much trouble, look for job in domains where confidentiality is not too critical and the employer is not paranoid about it. (They could be facing prison time.). An employee who doesn't know about a policy important enough to fire someone over is just a ticking time bomb to an employer. Take this to heart in your next position and deal with sensitive information. If it bleeds, it leads, and if its not bleeding, you might as well kick it a few times to see if itll start bleeding Nope. You made a mistake. It doesnt matter that its a good friend of yours who happens to be a journalist shes a journalist, and her JOB is to tell people about things she finds out about. We just had something similar happen at my office last week. Every employer Ive worked for (finance) has done annual or semi-annual privacy/information security trainings, and while theyre tiresome for some of us, theyre certainly helpful in continually reinforcing hey, this is a very very very very very big mcf**king deal. My adviser listened to what was going on and was like we have to tell. I think interviewers will pick up on the equivocation in your language here. Don't say "I was escorted out by armed guards" where you can say "My manager was disappointed enough to let me go". Sorry that this happened to you (Ive made stupid mistakes too) but you may want to consider keeping problems like this to yourself. All rights reserved. Hows work? Having worked in communications and journalism for the past 15 years, I think this ishonestly really bad. It can take down evil people who mean to do others harm. The first person needs to understand that most of the time, you arent entitled to negotiate a yes, because the answer is no. All three have kept their mouths shut, at least to the best of my knowledge, and I can talk it over without worrying that I will cause a problem with my disclosing. We were interviewing someone who had broken the #1 cardinal ethical rule in our industry (a branch of health care). OP came to her, she felt guilty, they apparently talked about this a bit, so why not tell her that this cant be kept secret and she has to come forward to her boss ? Within hours, there were writeups on tech blogs about the new iPhone before its official release. about your coworker reporting you, betrayed and hard done by, is the way your employer feels about you. Take ownership and accountability of it, because for better or worse, all of us could have made OPs mistake at some point in our careers. Its so very context and field dependent. The fact that you were surprised and angry (to the point of calling her a rat, essentially) speaks to the fact that you actually do NOT know who you can expect to keep things secret, at least not as well as you think. I have personally learned that if you never want coworkers to find out something embarrassing or private about you, never ever tell them. I understand that the breach was very bad and that the organization needed to take some disciplinary action, but it seems to me that firing an employee who fessed up to something like this to a senior coworker sends the message: If you mess up bad enough, dont tell anyone. Minimizing it will make it harder for future employers to trust OP, whereas frank ownership and an action plan will read as much more responsible and accountable. This is important both in terms of owning your mistake and not blaming the person who reported it. Until the boys parents threw the uncle out. What the saying about eyes, ears, mouths??? (Obviously it would have been best not to give her journalist friend the info to begin with.) I am not falling on the sword or putting my job on the line for a coworker. As much as I love some of my coworkers, Im not taking one of the team. Or you mistyped her email by one letter and it went to a colleague who had no reason to respect the embargo? Based on the post its probably public now, so I would guess its likely not too exciting. When I asked about the job move he said he had failed to make a required disclosure on a sale and so was fired, but how he took it to heart and had behaved since. Id like to know what LW said at the two meetings they gave her before firing her. I think also this illustrates how hard confidentiality is; these are trained and likely reasonably experienced people who still couldnt resist this temptation. I do have to wonder if the hospital failed to educate its employees on how freaking serious that kind of breach was, although Id still put the failure on the feet of the violators. I think youd be in trouble for sharing that kind of information over the phone, regardless of who he was talking to. Im sure they thought she was a fruit cake. Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. Right. Here are the things that OP needs to remember: First, the coworker is not a rat, even if she misunderstood the scope of OPs unauthorized disclosure and mistakenly misrepresented it. Its no worse than our organization doesnt protect classified information no matter how badly an employee disregards policies. In jobs that require non-disclosure, active disclosure is a very big deal. It may help you to know that the dreaded why are you unemployed right now question doesnt come up in every interview.