Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error

Options
Go to last post Go to first unread
matelot1965  
#1 Posted : 08 December 2018 21:36:28(UTC)
Rank: Forum user
matelot1965

Hi All, I have received a near-miss report which clearly identifies an employee by Job title as well as photographs showing the back of the individual with his job title clearly displayed on the rear of his work wear. Although this is a legitimate near miss the employee concerned believes the near-miss only reached my desk out of spite and not in the spirit of health and safety as it was only reported after the individual raised legitimate health and safety concerns against a department two days ago Whilst the near miss itself actually occurred 2 weeks previously. He has informed me that he believes there has been a breach of GDPR as the near-miss report has also been shared with others and clearly identifies him in an effort to embarress him. Apart from the report being unprofessional I believe that they’re is the potential for an inbound GDPR complaint . Thoughts please thanks in advance
Roundtuit  
#2 Posted : 08 December 2018 22:12:37(UTC)
Rank: Super forum user
Roundtuit

Firstly dont join sides. If it is a near miss that is exactly what it is - the timing of the report and any potential tit for tat is internal to your organisation - never declare a near miss "unprofessional" they are H&S bread and butter. IF the individual has a real GDPR concern this should be reported for investigation to your Data Controller and any issues for those in breach of your company data protection policy (sharing information) should be handled by HR. The subject of internal information sharing suggests your procedures and policies may not be as robust as they ought to be. Overall from your post i get the impression of the individual as someone who likes to cast stones but forgets they live in a glass house. Your career needs to appear balanced and independent otherwise you risk loosing respect and any chance of influencing others in the future.
thanks 8 users thanked Roundtuit for this useful post.
A Kurdziel on 10/12/2018(UTC), nic168 on 20/12/2018(UTC), Dave5705 on 20/12/2018(UTC), matelot1965 on 20/12/2018(UTC), A Kurdziel on 10/12/2018(UTC), nic168 on 20/12/2018(UTC), Dave5705 on 20/12/2018(UTC), matelot1965 on 20/12/2018(UTC)
Roundtuit  
#3 Posted : 08 December 2018 22:12:37(UTC)
Rank: Super forum user
Roundtuit

Firstly dont join sides. If it is a near miss that is exactly what it is - the timing of the report and any potential tit for tat is internal to your organisation - never declare a near miss "unprofessional" they are H&S bread and butter. IF the individual has a real GDPR concern this should be reported for investigation to your Data Controller and any issues for those in breach of your company data protection policy (sharing information) should be handled by HR. The subject of internal information sharing suggests your procedures and policies may not be as robust as they ought to be. Overall from your post i get the impression of the individual as someone who likes to cast stones but forgets they live in a glass house. Your career needs to appear balanced and independent otherwise you risk loosing respect and any chance of influencing others in the future.
thanks 8 users thanked Roundtuit for this useful post.
A Kurdziel on 10/12/2018(UTC), nic168 on 20/12/2018(UTC), Dave5705 on 20/12/2018(UTC), matelot1965 on 20/12/2018(UTC), A Kurdziel on 10/12/2018(UTC), nic168 on 20/12/2018(UTC), Dave5705 on 20/12/2018(UTC), matelot1965 on 20/12/2018(UTC)
matelot1965  
#4 Posted : 08 December 2018 22:25:36(UTC)
Rank: Forum user
matelot1965

Originally Posted by: Roundtuit Go to Quoted Post
Firstly dont join sides. If it is a near miss that is exactly what it is - the timing of the report and any potential tit for tat is internal to your organisation - never declare a near miss "unprofessional" they are H&S bread and butter. IF the individual has a real GDPR concern this should be reported for investigation to your Data Controller and any issues for those in breach of your company data protection policy (sharing information) should be handled by HR. The subject of internal information sharing suggests your procedures and policies may not be as robust as they ought to be. Overall from your post i get the impression of the individual as someone who likes to cast stones but forgets they live in a glass house. Your career needs to appear balanced and independent otherwise you risk loosing respect and any chance of influencing others in the future.
Hi Roundtuit, Many thanks for your reply and solid advice. The only reason I believe that the report is unprofessional is that it names and shames an individual and he is not happy and I fully get that The health and safety content is a fair and accurate reflection of what actually occurred. If it has been me I would have been upset also so I get where he is coming from
meady  
#5 Posted : 20 December 2018 10:39:41(UTC)
Rank: Forum user
meady

Just to add on this point regarding the GDPR issues.

Have a quick look through your Employees Privacy Notice and if there is no mention of images (photos and CCTV), names and personal data being used to support investigations then request it is added asap.

You dont need to get everyone to sign the updated Notice but just make them aware of the change, if necessary

It will be in the general Data Protection Policy that any personal data held on employees will be kept secure and deletion will take place once there is no legal basis to hold the data.

The employer has a legal obligation to investigate reports and act accordingly and HSWA takes precedence over GDPR in any case so as long as the personal data is handled correctly there is no come back should a complaint be made.

Even if the issue being reported seems to be malicious in nature it is important to feedback to the 'whistleblower' that the report is being acted upon. The word will get out that these reports are taken seriously which will encourage others to come forward in the future.

Hope that helps.

thanks 2 users thanked meady for this useful post.
matelot1965 on 20/12/2018(UTC), A Kurdziel on 02/01/2019(UTC)
Hazzard41579  
#6 Posted : 02 January 2019 15:02:02(UTC)
Rank: Forum user
Hazzard41579

Obviously GDPR requires personal data to be processed lawfully, fairly and in a transparent manner and without malice or unfairness but you must remember you have a legitimate interest in properly managing the H&S of everyone connected to your organisation. There is also the legal or statutory requirement to keep records to include incident reports. 

Mr.Flibble2.0  
#7 Posted : 02 January 2019 15:15:42(UTC)
Rank: Forum user
Mr.Flibble2.0

Hello just my two pence worth,

I would not put this into the realms of a GDPR breach as no personal data was shared other than the persons name and job Title, which is easily accessable information and cannot be linked to that persons personal data; Address, DOB, Telephone number, employee number etc.

We have pictures of First Aiders, Fire Wardens etc with names and job titles displayed around the our sites. 

I am no expect on this one however my understanding is that photographs can be taken and no consent required unless they are used for profit.

achrn  
#8 Posted : 03 January 2019 11:15:54(UTC)
Rank: Super forum user
achrn

Originally Posted by: Mr.Flibble2.0 Go to Quoted Post

Hello just my two pence worth,

I would not put this into the realms of a GDPR breach as no personal data was shared other than the persons name and job Title, which is easily accessable information and cannot be linked to that persons personal data; Address, DOB, Telephone number, employee number etc.

We have pictures of First Aiders, Fire Wardens etc with names and job titles displayed around the our sites. 

I am no expect on this one however my understanding is that photographs can be taken and no consent required unless they are used for profit.

Yes and no.  Photographs that happen to contain people are not personal data about those people, but if you attempt to identify the people within the photographs, then they immediately become personal data.

See https://ico.org.uk/media...hat-is-personal-data.pdf and the examples on pages 14 and onwards.

I note that pictures of First Aiders, Fire Wardens etc are therefore personal data - since presumably the purpose of the photograph is to assist in identifying the person - that's certainly why we have their photographs on display and I don't otherwise see why you would.  However, their name and job title is also personal data anyway, and you have a valid business reason for holding and displaying that (they cannot properly fulfil their role as first aider without everyone being aware that they are a first aider, in my opinion), so I don't believe you need an explicit permission for this.  If they object, however, you'll need to take down the details and get a new first aider.

jordanL  
#9 Posted : 12 November 2020 10:56:45(UTC)
Rank: New forum user
jordanL

Piggy backing off this old post, I've just had a GDPR/confidentiality question and it's not something I would consider an issue, but here goes. 

Accident reported on GDPR accident book. Our process says that first aider/injuered party must inform line manager of injured person for them to conduct investigation if required. 

First aider emails injured person line manager copying me (H&S Safety) plus another first aider. Includes first name, date/time/brief discription of the injury. 

Second first aider then questions whether this is GDPR compliant and whether there is potential for the email to go to the wrong person. 

I can't argue with the scond point, is the second first aider over thinking this situation?

Or is this a legitimate challange? If so any advise is much appreciated as I am in the middle of re-writing our reporting process and can take this into account now. 

Users browsing this topic
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.