Lost employment records

Tesco has recently settled a data breach claim for £3,000 made by a former employee after she discovered Tesco had lost her employment records.

The employee had worked for the supermarket for 30 years and had requested the information as part of a separate employment tribunal claim she was making against the supermarket.

Her personnel file included sensitive medical information, referred to as ‘special category data’ under the GDPR and Data Protection Act 2018, including counselling notes and details of her post-natal depression.

The employee said she felt ‘violated’ by the breach and continued to feel distressed not knowing where the records were or who could have access to them.

Holding personal data safely and securely

The Tesco case emphasises the importance of employers ensuring that any personal data they hold for employees, whether in paper or electronic form, is held safely and securely. Particular care must be taken with sensitive personal data.

The GDPR section of our CEFMi website contains model policies, related forms and answers to frequently asked questions for schools.

Get a free trial of CEFMi – a comprehensive resource for school managers.