Colleague privacy issues

ldy4mxonucwsq6

Started a new role back in December, bit of a change for me and the culture is odd but I'm just keeping the head down and working away for the moment.

Anyway, I was checking Internet history on a shared PC the other day (I was looking for a URL for a Web based programme that is used and was having trouble finding it).

In the history I find someone has been searching for my home address (this info could have only been obtained from my employee details) they were having a good look too, street view of mine and all the neighbours houses, about 20 - 30 entries in the history.

The history showed it happened in a day I wasn't working.

I was a bit creeped out, was it just someone being pure nosey? Just felt it overstepped the privacy mark a bit and is weird.

To leave it in the history knowing I would be using the PC at some stage, baffled a bit!!

OMM 0000

I wouldn't read into it too much (e.g. psycho who wants to kill you).

It most likely means someone you work with likes you (friendship, whatever) and is interested in you.

It is a bit creepy, but likely harmless.

I wouldn't get your manager involved.

ldy4mxonucwsq6

OMM 0000 wrote: »

I wouldn't read into it too much (e.g. psycho who wants to kill you).

Not too worried about that sort of thing (just yet).

Just thought it was a bit intrusive for someone to go into my employee file, find my address, go have a good gawk and then be stupid enough to leave it there for me to see.

bilbot79

How do you know they were looking at your house? Might have been browsing property.

Might have been checking your environs to help get the measure of you

ldy4mxonucwsq6

bilbot79 wrote: »

How do you know they were looking at your house? Might have been browsing property.

Might have been checking your environs to help get the measure of you

They typed in my exact address so I know they were definitely looking at my house. Plus that of all my direct neighbours on street view, presume to give them a good view from all angles of where I was living.

Yes could have been to find out what I'm like (although can you do that based on the exterior of someone's house?), the fact that I have no Facebook etc meant they couldn't have a nose there.

I found it a bit annoying that there were being such nosey gits, along with looking at my personal information in employee records too.

Quartzy99

This would definitely creep me out too tbh.
One reason why I have minimal presence on social media and keep everything locked down to the max!

Hoboo

Khaleesi Shapely Madwoman wrote: »

They typed in my exact address so I know they were definitely looking at my house. Plus that of all my direct neighbours on street view, presume to give them a good view from all angles of where I was living.

Yes could have been to find out what I'm like (although can you do that based on the exterior of someone's house?), the fact that I have no Facebook etc meant they couldn't have a nose there.

I found it a bit annoying that there were being such nosey gits, along with looking at my personal information in employee records too.

Report that to HR tomorrow. Nothing more to be said really.

Motherof123

Hoboo wrote: »

Report that to HR tomorrow. Nothing more to be said really.

That's really weird very nosy

jimd2

I think I would have a definite issue with this - and I am a guy in my fifties so I wouldn’t be worrying about someone taking a shine to me etc!

I do think that it is a serious data privacy breach in the company and I think that you should complain about this under GDPR rules.

Ask the company what data that they retain on you and what the legal basis they have for retaining it.

Point out the issue and ask for an investigation into how the data breach could have happened.

If it was me I would ask for the i.t. people to investigate what login is associated with those searches. At least a severe warning if not dismissal should ensue.

Definitely don’t leave this lying down.

CPTM

I wouldn't read much into it other than someone being nosy. A couple of my colleagues sold their house last year and everyone was interested in having a gawk at the house pictures. I'd say someone saw your address on whatever profile you have and decided to check it out because working is boring. Is there any genuine reason they would have gone into your profile? That's the weird bit if not. Googling addresses isn't weird these days, but coming across them is if they weren't there for some other reason.

con747

You need to weigh up the fact your in a new job and do you want to make an enemy by reporting it to HR. Only you can decide that. If you find more delving into your privacy then go to HR.

Strumms

Khaleesi Shapely Madwoman wrote: »

Not too worried about that sort of thing (just yet).

Just thought it was a bit intrusive for someone to go into my employee file, find my address, go have a good gawk and then be stupid enough to leave it there for me to see.

I’m not aware of the legalities but at the very least, best practice should imply that employee files and information contained within are not made or left accessible to line employees. The only people who should have access to your details are management and HR.

ldy4mxonucwsq6

con747 wrote: »

You need to weigh up the fact your in a new job and do you want to make an enemy by reporting it to HR. Only you can decide that. If you find more delving into your privacy then go to HR.

I know who did it, only one other person has access on the PC.

In terms of GDPR, the data was being misused (that's not the purpose it was intended for) but no I wouldn't be going to HR about it (there is no HR anyway, small business) just wanted to get opinion on it.

I'm private by nature so it kind of irked me.

I mentioned it to another colleague and they said they weren't the least bit surprised.

con747

Khaleesi Shapely Madwoman wrote: »

I know who did it, only one other person has access on the PC.

In terms of GDPR, the data was being misused (that's not the purpose it was intended for) but no I wouldn't be going to HR about it (there is no HR anyway, small business) just wanted to get opinion on it.

I'm private by nature so it kind of irked me.

I mentioned it to another colleague and they said they weren't the least bit surprised.

Keep an eye on the person so and hope it is a once off. If it happens again or any other inappropriate behaviour happens then look at your options with the owner of the company.

Burgo

Khaleesi Shapely Madwoman wrote: »

In the history I find someone has been searching for my home address (this info could have only been obtained from my employee details)
!

I see in a reply you said that there is no HR, so who would have access to this information? Are all the employee's personal information freely available to access?

Diceicle

jimd2 wrote: »

I think I would have a definite issue with this - and I am a guy in my fifties so I wouldn’t be worrying about someone taking a shine to me etc!

I do think that it is a serious data privacy breach in the company and I think that you should complain about this under GDPR rules.

Ask the company what data that they retain on you and what the legal basis they have for retaining it.

Point out the issue and ask for an investigation into how the data breach could have happened.

If it was me I would ask for the i.t. people to investigate what login is associated with those searches. At least a severe warning if not dismissal should ensue.

Definitely don’t leave this lying down.

I wouldn't be inclined to take this route, as depending on the culture, it will almost certainly mark you out as a pain in the h0le or a busy-body - particularly if you're new. Not saying its right but it is how it is.
Depends how much capital you want to burn at this stage of the career.

Diceicle

Khaleesi Shapely Madwoman wrote: »

I know who did it, only one other person has access on the PC.

In terms of GDPR, the data was being misused (that's not the purpose it was intended for) but no I wouldn't be going to HR about it (there is no HR anyway, small business) just wanted to get opinion on it.

I'm private by nature so it kind of irked me.

I mentioned it to another colleague and they said they weren't the least bit surprised.

Its definitely creepy - probably nothing in it - but creepy.
Would it be possible or appropriate to put a 'shot' by the perpetrator? Something like 'it was really weird. I was on our PC and a picture of my house came up....'

Khaleesi Shapely Madwoman

Khaleesi Shapely Madwoman wrote: »

I mentioned it to another colleague and they said they weren't the least bit surprised.

In what way weren't they the least bit surprised?

"Oh they're just a nosy so and so."

or

"Yeah, they're fair creepy."

Jim2007

Khaleesi Shapely Madwoman wrote: »

I
In terms of GDPR, the data was being misused (that's not the purpose it was intended for) but no I wouldn't be going to HR about it (there is no HR anyway, small business) just wanted to get opinion on it..

Opinion is not fact, you have NO evidence that your HR file was accessed.

You may not be on social media, but that does not make it particularly difficult to discover your address. Unless you can categorically say that you have never ever given your address to someone, your parents and family have never done it and none of your friends know where your live, then you have to assume your address is in the public domain.

jimmycrackcorm

Khaleesi Shapely Madwoman wrote: »

I know who did it, only one other person has access on the PC.

In terms of GDPR, the data was being misused (that's not the purpose it was intended for) but no I wouldn't be going to HR about it (there is no HR anyway, small business) just wanted to get opinion on it.

I'm private by nature so it kind of irked me.

I mentioned it to another colleague and they said they weren't the least bit surprised.

Why don't you simply ask the person about it?

FishOnABike

If you were able to see it in the browser history does this indicate that there are shared logins using the same username / account ? If so I'd be concerned at the apparent lack of any IT security policy. If not how did you see the other person's browser history?

AndrewJRenko

Khaleesi Shapely Madwoman wrote: »

I know who did it, only one other person has access on the PC.

Tread carefully. If the password is shared, you really don't now how far it has been shared. This is the reason why good security advice is NOT to share passwords. Once you start sharing, you lose accountability.

ldy4mxonucwsq6

Jim2007 wrote: »

Opinion is not fact, you have NO evidence that your HR file was accessed.

Unless you can categorically say that you have never ever given your address to someone, your parents and family have never done it and none of your friends know where your live, then you have to assume your address is in the public domain.

I think its reasonable to assume that not long after starting there they got my full address from my employee record.

They really would have no other way of finding out that information.

[Deleted User] wrote: »

In what way weren't they the least bit surprised?

"Oh they're just a nosy so and so."

or

"Yeah, they're fair creepy."

As in they are nosey f*ckers.

AndrewJRenko wrote: »

Tread carefully. If the password is shared, you really don't now how far it has been shared. This is the reason why good security advice is NOT to share passwords. Once you start sharing, you lose accountability.

Yeah the place is a joke really, but I need the job at the moment. Complete lack of any real security or audit trail.

I do make sure all my passwords are mine alone though.

FishOnABike

Khaleesi Shapely Madwoman wrote: »

Yeah the place is a joke really, but I need the job at the moment. Complete lack of any real security or audit trail.

I do make sure all my passwords are mine alone though.

How then did you see their browser history?

Zulu

Unless you have cctv of them at the machine at the time, it's quite difficult to prove who the user was - logins or not.
If the record is still there, with a time stamp, that a screenshot or backup of the history files (if you know how to get them).
Then have a quiet word with HR/your manager or your DPU (if it exists).

One other thing, know what you want out of this before you go in. Once you raise it, it'll be out of your hands. Someone could be dismissed or resign. So if you just want a "quiet word" to be had, make that clear - although it won't be up to you.

Do take a screenshot in any event and keep it, even if you decide to do nothing. This could develop over time.

La.m

I think its reasonable to assume that not long after starting there they got my full address from my employee record.

They really would have no other way of finding out that information.

I know it's an old fashioned concept but would you be in the phonebook by any chance?

Tabnabs

OP, if you are a private person in general, you can have Google blur out your home on streetview. Stops any unwelcome intrusions like this.

GerardKeating

Khaleesi Shapely Madwoman wrote: »

In terms of GDPR, the data was being misused

GDPR might only relevant if he got your home address from your employment details, they might "know" it via non-work means.

SmartinMartin

Log in and street view their address and leave it onscreen.

Jim2007

Khaleesi Shapely Madwoman wrote: »

I think its reasonable to assume that not long after starting there they got my full address from my employee record.

They really would have no other way of finding out that information.
.

A reasonable assumption is not a fact and your reasonable assumption maybe some else's flight of fancy. Acting on such a serious matter as accusing you new employer of preaching data protection law, based on a an assumption could go terribly wrong.

Stone Deaf 4evr

you need to now search for their house, find it on streetview, take a screenshot, and then set it as wallpaper with the caption 'would you like to play a game?'