GDPR issue in Pharmacy

Purple Mountain

Kinslee Angry Scrabble wrote: »

I wouldn’t be as mad if she contacted me privately but she posted it as a Facebook status the mad bitch

No, she should not have had any information that you were even a customer in there to be able to contact you.

qo2cj1dsne8y4k

And then to take it upon herself to tell me never to return, when it’s been where I’ve been going since I was a child

Princess Calla

I wouldn't contact either of them, as these things have a knack of snowballing!!

I wouldn't be surprised if this is considered gross misconduct. You are also probably not the first to complain.

That staff member is a liability to the owner now.

Best of luck, I'm fuming on your behalf

Dav010

Op, Can we take it for granted that the info did not come from another customer in the shop?

To those who say this is not a GDPR issue, you are incorrect. Also, it could be more serious than that for the pharmacy, a customer has a right to expect confidentiality when getting medications, this includes the conversation.

In this case, the op was identified, and private details about the conversation were given to another member of the public by a staff member. If you google, you will find a well publicised case of where a member of staff at a health clinic discussed details about treatments and personality of patients at a party, a few mins later those details were on Facebook, the clinic is now closed.

The potential downside for you op, is that if you have a history of being difficult to deal with, other health care/medication providers may be wary of accepting you as a patient/customer.

As a Clinic owner, I would look at this as a serious breach of confidence, the staff member acted wholly unprofessionally in every way. After hearing all the facts, disciplinary action would certainly be considered.

Sleeper12

Kinslee Angry Scrabble wrote:

No, the staff member gossiping about me outside of work

It has nothing to do with GDPR though

qo2cj1dsne8y4k

Dav010 wrote: »

Op, Can we take it for granted that the info did not come from another customer in the shop?

To those who say this is not a GDPR issue, you are incorrect. Also, it could be more serious than that for the pharmacy, a customer has a right to expect confidentiality when getting medications, this includes the conversation.

In this case, the op was identified, and private details about the conversation were given to another member of the public by a staff member. If you google, you will find a well publicised case of where a member of staff at a health clinic discussed details about treatments and personality of patients at a party, a few mins later those details were on Facebook, the clinic is now closed.

The potential downside for you op, is that if you have a history of being difficult to deal with, other health care/medication providers may be wary of accepting you as a patient/customer.

As a Clinic owner, I would look at this as a serious breach of confidence, the staff member acted wholly unprofessionally in every way. After hearing all the facts, disciplinary action would certainly be considered.

I have never had a problem with the chemist before and didn’t make a big deal out of the initial complaint, I just said she had been really rude and I left. I was happy enough to park it there, until I read my business that I should find another chemist on facebook.

qo2cj1dsne8y4k

Info 100% didn’t come from another customer.

FutureTeashock

Kinslee Angry Scrabble wrote: »

Info 100% didn’t come from another customer.

I'm no rocket scientist, but this is where you need to complain to.


https://www.thepsi.ie/gns/making-a-complaint/overview.aspx

Dav010

Sleeper12 wrote: »

It has nothing to do with GDPR though

It has to do with both patient confidentiality and GDPR. The op was identified, and personal data in the form of his/her interaction with the chemist was not only breached, but also published online. You may not have an expectation of confidentiality with conversations with your local shopkeeper, they may not collect data on you, Chemists most certainly do, they have your name address, Med card number, Med conditions, medications, GP etc, breaches of any type, including confidential conversations are both the above.

Every employee of a chemist, Doctor, Dentist etc knows you cannot divulge information about clients, this extends to their conduct.

joeguevara

It could simply be a case of said person seeing an altercation in the pharmacy and calling you out on Facebook. (no gdpr issue)

It could be a case of pharmacist venting about you to said person and they take it on themselves to call you out on Facebook. (possible gdpr issue but impossible to prove)

Or it could be a case of pharmacist disclosing and your information and then you being called out (gdpr issue but only way of proving it is if they disclosed it through pharmacy email/social media).

Firstly change pharmacy. No one Ned's to feel bad in the way they are treated.

As for the rest, because of difficulty in proving best to move on. However if you feel sensitive medical information was disclosed follow up with data protection commissioner.

Report post to Facebook and follow up with said person if they overstepped.

Dav010

joeguevara wrote: »

It could simply be a case of said person seeing an altercation in the pharmacy and calling you out on Facebook. (no gdpr issue)

It could be a case of pharmacist venting about you to said person and they take it on themselves to call you out on Facebook. (possible gdpr issue but impossible to prove)

Or it could be a case of pharmacist disclosing and your information and then you being called out (gdpr issue but only way of proving it is if they disclosed it through pharmacy email/social media).

Firstly change pharmacy. No one Ned's to feel bad in the way they are treated.

As for the rest, because of difficulty in proving best to move on. However if you feel sensitive medical information was disclosed follow up with data protection commissioner.

Report post to Facebook and follow up with said person if they overstepped.

The op does not need to prove the breach unless he/she is looking for a pay out, if the op wants to make a point, the complaint alone will have the desired effect when it reaches the owner.

joeguevara

Dav010 wrote: »

The op does not need to prove the breach unless he/she is looking for a pay out, if the op wants to make a point, the complaint alone will have the desired effect when it reaches the owner.

I hate data breaches. But in this situation it is more than likely a busy body overhearing as they were queuing up. If there is a complaint the DPC will ask what happened. There is probably no paper trail even if it was done by pharmacist. In my experience nothing would come out of it... Id be more inclined to bring it up with the person who siad it publicly on facebook

qo2cj1dsne8y4k

joeguevara wrote: »

I hate data breaches. But in this situation it is more than likely a busy body overhearing as they were queuing up. If there is a complaint the DPC will ask what happened. There is probably no paper trail even if it was done by pharmacist. In my experience nothing would come out of it... Id be more inclined to bring it up with the person who siad it publicly on facebook

There was no other customers in the chemist

Princess Calla

joeguevara wrote: »

I hate data breaches. But in this situation it is more than likely a busy body overhearing as they were queuing up. If there is a complaint the DPC will ask what happened. There is probably no paper trail even if it was done by pharmacist. In my experience nothing would come out of it... Id be more inclined to bring it up with the person who siad it publicly on facebook

I'm sure cctv will prove who was in the shop at the time.

Also if I was the staff member and I saw one of my friends posting that I'd be getting them to take it down immediately. I would also be questioning the friendship to be honest.

I would see this as bullying and intimidation also.

It's really not nice and I wouldn't like to be in shoesdays shoes.

joeguevara

Kinslee Angry Scrabble wrote: »

There was no other customers in the chemist

Fair enough... So the person who served you was abrupt....and her brother posted a message to you publicly on Facebook.. The fact you know its her brother and the fact that they found you on Facebook doesn't necessarily make it a GDPR issue... Makes it an everyone knows everyone issue. Take it up with the guy who messaged you... Don't waste your time with going down a data protection route because based on the information posted is impossible to prove. If specific medical information was mentioned then yes.. But it's akin to a sister telling a brother that she had a bad experience in a pub and then it being posted on Facebook... People should sort the issue with the person rather than going straight to GDPR.

Sleeper12

Dav010 wrote:

It has to do with both patient confidentiality and GDPR. The op was identified, and personal data in the form of his/her interaction with the chemist was not only breached, but also published online. You may not have an expectation of confidentiality with conversations with your local shopkeeper, they may not collect data on you, Chemists most certainly do, they have your name address, Med card number, Med conditions, medications, GP etc, breaches of any type, including confidential conversations are both the above.

Definitely not GDPR. OP didn't get any further than a greeting from the sales assistant. No personal data was taken, processed or stored by the business. Sales assistant needs to be sacked for being a right tit but nothing OP has said so far falls under GDPR

Princess Calla

Sleeper12 wrote: »

Definitely not GDPR. OP didn't get any further than a greeting from the sales assistant. No personal data was taken, processed or stored by the business. Sales assistant needs to be sacked for being a right tit but nothing OP has said so far falls under GDPR

Yeah but she's a regular client since childhood so everything is in the system so easily accessed.

ytpe2r5bxkn0c1

joeguevara wrote: »

Fair enough... So the person who served you was abrupt....and her brother posted a message to you publicly on Facebook.. The fact you know its her brother and the fact that they found you on Facebook doesn't necessarily make it a GDPR issue... Makes it an everyone knows everyone issue. Take it up with the guy who messaged you... Don't waste your time with going down a data protection route because based on the information posted is impossible to prove. If specific medical information was mentioned then yes.. But it's akin to a sister telling a brother that she had a bad experience in a pub and then it being posted on Facebook... People should sort the issue with the person rather than going straight to GDPR.

Ok so GDPR may, or may not, be the wrong term to use. But this is more than 'everyone knows everyone'. It's about somebody working in a business talking to others about people or events pertaining to the business and that should not be broadcast on social media. As for sorting it with the person, why should the OP do that? The employer can sort it with them. I don't think the OP is necessarily going the data protection route but is simply looking for action as a result of highly unprofessional behaviour by a staff member.

Sleeper12

Kinslee Angry Scrabble wrote:

Fast forward tonight, this ladies brothers girlfriend posted up a Facebook message advising me to find another chemist to torment. This lady is a 3rd party not associated with the chemist either now or in the past.

Princess Calla wrote:

Yeah but she's a regular client since childhood so everything is in the system so easily accessed.

You need to read the OP. Sales assistant didn't post anything. A 3rd party did. The only thing posted was not to use this particular pharmacy. Message didn't come from the shop or sales assistant.

First there is no proof that sales assistant has anything to do with it and second there is no proof that the information was gathered in another way. The information posted identified OP as a client of the pharmacy but anyone seeking OP enter the shop will have this information. The information gathered by the shop, medical records & address haven't been shared.

ytpe2r5bxkn0c1

Sleeper12 wrote: »

You need to read the OP. Sales assistant didn't post anything. A 3rd party did. The only thing posted was not to use this particular pharmacy. Message didn't come from the shop or sales assistant.

First there is no proof that sales assistant has anything to do with it and second there is no proof that the information was gathered in another way. The information posted identified OP as a client of the pharmacy but anyone seeking OP enter the shop will have this information. The information gathered by the shop, medical records & address haven't been shared.

Yes, the 3rd party used telepathy to know what had happened in the chemists. It's clear the staff member went the cheap gossiping route.

jimmynokia

Well if x is telling y stuff and posts on Facebook gossip knows what else she is at. This is wrong. Certainly something to take up with the pharmacy group

joeguevara

Jenna Mushy Steel wrote: »

Ok so GDPR may, or may not, be the wrong term to use. But this is more than 'everyone knows everyone'. It's about somebody working in a business talking to others about people or events pertaining to the business and that should not be broadcast on social media. As for sorting it with the person, why should the OP do that? The employer can sort it with them. I don't think the OP is necessarily going the data protection route but is simply looking for action as a result of highly unprofessional behaviour by a staff member.

But the employer has nothing to do with the person who said it on Facebook and has way more to lose if they accused their employee without any evidence on the basis of hearsay.

There are two issues. OP should complain to owner of being treated discourteously.

OP should deal with Facebook poster separately.

Princess Calla

Sleeper12 wrote: »

You need to read the OP. Sales assistant didn't post anything. A 3rd party did. The only thing posted was not to use this particular pharmacy. Message didn't come from the shop or sales assistant.

First there is no proof that sales assistant has anything to do with it and second there is no proof that the information was gathered in another way. The information posted identified OP as a client of the pharmacy but anyone seeking OP enter the shop will have this information. The information gathered by the shop, medical records & address haven't been shared.

The third party wasn't in the pharmacy, therefore there is no way they could know about the incident unless the sales assistant told them.

Now I get the sales assistant having a vent at home but you leave it at "a customer made a complaint about me.." you don't name the customer.

The sales assistant has conducted herself in far from a professional manner. She has been caught out this time but I doubt this is the first time she has acted inappropriately.

If you go into a pharmacy for medication etc the last thing you need to be worrying about is if this is going to be tonight's grapevine fodder!

qo2cj1dsne8y4k

Like I said too, If she doesn’t like me that’s fine, she shouldn’t have approached me with the sole intention of being rude. I tried address it with the person who posted it up online, she screenshot my message and posted it up online too. She sent me a message then telling me to “leave my in laws in peace”.

I have nothing to do with her in laws, I only know the pharmacy lady from the chemist and to be honest, have absolutely no problem with her outside this incident

Sleeper12

Jenna Mushy Steel wrote:

Yes, the 3rd party used telepathy to know what had happened in the chemists. It's clear the staff member went the cheap gossiping route.

Princess Calla wrote:

The third party wasn't in the pharmacy, therefore there is no way they could know about the incident unless the sales assistant told them.

Unless I missed something here all op has said is that people on Facebook stated on Facebook that op needs to find another pharmacy. I didn't read how they gave an account of what happened in the shop on Facebook?

Let's be very clear here, the fact that someone uses a particular pharmacy can be public knowledge. You don't need to be a staff member to have this information. None of OPs information stored by the pharmacy was leaked or misused. There is not a hope in hell of getting a ruling in the favour of the op on gdpr legislation.

Op should go to shop owner and tell what happened with screen shots. No shop owner wants a client told not to come back to the store. I have not doubt shop owner will take action in this case but shouting GDPR will not get OP anywhere.

Sleeper12

Kinslee Angry Scrabble wrote:

Like I said too, If she doesn’t like me that’s fine, she shouldn’t have approached me with the sole intention of being rude. I tried address it with the person who posted it up online, she screenshot my message and posted it up online too. She sent me a message then telling me to “leave my in laws in peaceâ€.

They sound like scumbags who use social media for bullying

qo2cj1dsne8y4k

Sleeper12 wrote: »

Unless I missed something here all op has said is that people on Facebook stated on Facebook that op needs to find another pharmacy. I didn't read how they gave an account of what happened in the shop on Facebook?

Let's be very clear here, the fact that someone uses a particular pharmacy can be public knowledge. You don't need to be a staff member to have this information. None of OPs information stored by the pharmacy was leaked or misused. There is not a hope in hell of getting a ruling in the favour of the op on gdpr legislation.

Op should go to shop owner and tell what happened with screen shots. No shop owner wants a client told not to come back to the store. I have not doubt shop owner will take action in this case but shouting GDPR will not get OP anywhere.

Considering I no longer live locally to the chemist, (think 30 miles away) and work elsewhere too, and happened to be back in that pharmacy specifically 4 days before she made the comment, I think it’s safe to say it was divulged I was there, and following it up with “leave my in laws in peace” cements the fact she knows what went on and she has no right to, much less broadcast it on social media.

qo2cj1dsne8y4k

Sleeper12 wrote: »

They sound like scumbags who use social media for bullying

I’d say it’s more jealousy than bullying but you’re right, she broadcasts everything on her social media and then plays the victim.

Princess Calla

Sleeper12 wrote: »

Unless I missed something here all op has said is that people on Facebook stated on Facebook that op needs to find another pharmacy. I didn't read how they gave an account of what happened in the shop on Facebook?

Let's be very clear here, the fact that someone uses a particular pharmacy can be public knowledge. You don't need to be a staff member to have this information. None of OPs information stored by the pharmacy was leaked or misused. There is not a hope in hell of getting a ruling in the favour of the op on gdpr legislation.

Op should go to shop owner and tell what happened with screen shots. No shop owner wants a client told not to come back to the store. I have not doubt shop owner will take action in this case but shouting GDPR will not get OP anywhere.

You missed something.... it was the sales assistants, brothers girlfriend that posted it on Facebook. I don't think it's a big jump into the unknown to guess the sales assistant had a gossip session at the dinner table.

Sleeper12

Kinslee Angry Scrabble wrote:

Considering I no longer live locally to the chemist, (think 30 miles away) and work elsewhere too, and happened to be back in that pharmacy specifically 4 days before she made the comment, I think it’s safe to say it was divulged I was there, and following it up with “leave my in laws in peace†cements the fact she knows what went on and she has no right to, much less broadcast it on social media.

I get all of that and she should be sacked. You have been treated badly as a customer. I have no doubt that the owner will want to hear about this and I have no doubt that they will take action. I'm just pointing out that it's not a GDPR breach.