Hi
My employer has breached staff data & confidentiality by sending an email with protected info to people in the company not entitled to see it.
During a disciplinary investigation, an email was sent to a manager by another manager containing names, contact details and a summary of their potential evidence. This email was inadvertently cc'd to the person being investigated & other witnesses.
The company has now told all involved about the data breach but omitted to tell them the other sensitive content.
I have seen this email & I feel very uncomfortable about this omission and have advised one of the people to make a sar if the company won't tell her the content.
What should the organisation be doing?