The consultancy never claimed that the surveys were anonymous. Pretty much every manager did when they sent it out to their employees. I guess lots of bosses in the UK have no problem with lying to their employees.
Privacy laws are only as good as their enforcement. I’ve seen first hand the slap-dash attitude the NHS has to patient confidentiality and the police using databases for their own personal reasons. I’ve also experienced UK primary schools violating confidentialities. No repercussions for any of them.
I did some consultancy for the NHS (hint for anyone in IT: DON’T) and tried to whistle-blow the absolute shocking state of patient confidentiality. Nurses would routinely look up things to use or for gossip or leverage over people. For example, one nurse was able to access patient details to help her friend get ammunition in a divorce and custody battle. Another used it for playground gossip against a mother who had offended her and spread around that she was on antidepressants. When I started the complaint (giving multiple examples), they closed ranks and decided my claims were due to “miscommunication” and/or were fabricated. I could prove this data had been accessed and who had accessed it on the system’s audit trail. Nothing was done. They have policies in place stating not to do that, but they were routinely ignored.
Same with the police. Officers were using police databases to stalk and harass exes, exes new partners or neighbours who had pissed them off. The Independent Police Complaints Commission are a joke and are staffed by ex police officers who had personal relationships with the people involved. The complaint was closed and I received a letter months later thanking me for withdrawring my complaint. I never withdrew the complaint and was informed that I had and I was unable to open it up again. This was 10 years ago and I haven’t worked for any police department since or relied on the police for anything.
GDPR and data protections laws are all well and good, but without enforcement they are meaningless.
I live in the UK.
The consultancy never claimed that the surveys were anonymous. Pretty much every manager did when they sent it out to their employees. I guess lots of bosses in the UK have no problem with lying to their employees.
Privacy laws are only as good as their enforcement. I’ve seen first hand the slap-dash attitude the NHS has to patient confidentiality and the police using databases for their own personal reasons. I’ve also experienced UK primary schools violating confidentialities. No repercussions for any of them.
If you were to reveal this information while you were still employed, would they have had legal repercussions against you as a whistle blower?
No legal repercussions.
I did some consultancy for the NHS (hint for anyone in IT: DON’T) and tried to whistle-blow the absolute shocking state of patient confidentiality. Nurses would routinely look up things to use or for gossip or leverage over people. For example, one nurse was able to access patient details to help her friend get ammunition in a divorce and custody battle. Another used it for playground gossip against a mother who had offended her and spread around that she was on antidepressants. When I started the complaint (giving multiple examples), they closed ranks and decided my claims were due to “miscommunication” and/or were fabricated. I could prove this data had been accessed and who had accessed it on the system’s audit trail. Nothing was done. They have policies in place stating not to do that, but they were routinely ignored.
Same with the police. Officers were using police databases to stalk and harass exes, exes new partners or neighbours who had pissed them off. The Independent Police Complaints Commission are a joke and are staffed by ex police officers who had personal relationships with the people involved. The complaint was closed and I received a letter months later thanking me for withdrawring my complaint. I never withdrew the complaint and was informed that I had and I was unable to open it up again. This was 10 years ago and I haven’t worked for any police department since or relied on the police for anything.
GDPR and data protections laws are all well and good, but without enforcement they are meaningless.