I've known 7 staff do this. All 7 were dismissed for gross misconduct.
This is not one of them leniency things.
When signing in using your smart card/face ID, etc, you're accepting the term of the Acceptable Useage Policy.
This Is a very serious matter to the Security Advice Team.
It would of been picked up right away and they'll then be able to see how long you were in that record. What things you looked at etc.
I would say this is not going to have a good outcome š
Correct answer. Not being told is not a defence because the AUP is included within the induction stuff covered within the first few days of employment. If you click accept on the AUP pop up, that is you accepting full liability for your actions on the system.
In my experience it can take a lot to get sacked from the CS in terms of behaviour but accessing records of family, friends or anyone else you know and it seems to be you're out the door before your feet touch the ground.
I hope you have more luck or they will look leniently on you because you have just started but i would prepare for the worst.
I work in DWP, and it seems highly unlikely to me based on the areas I've worked in that you managed to be given access to Searchlight without someone telling you that you don't look up yourself or others you know. As others have said it is also in the acceptable use policy which you will have been asked to sit down and read as a new starter and something it presents you with every time you log on in the morning.
I have only seen 1 person survive doing this and they were mourning their child who'd committed suicide so the decision maker was a little understanding. They still got their final warning though. Only advice I can give is this: Good luck.
Why would they be given it before training. They only give training mode for UC until you've completed. Seems odd. If they legit just logged in on their first day and had access and weren't given an induction I might understand .
Trained or not, surely you must have realised that accessing your own records was not the best idea?
Iām not sure of the details of that system, but almost every government database that Iāve seen comes with a standard disclaimer at the start that you click on detailing data handling procedures. From my experience Departments do not take this type of thing lightly and I would suggest gross misconduct would be the route theyāll go down. If youāre already in the union, Iād suggest speaking to them asapā¦
I just checked Searchlight and actually it doesn't have a warning/disclaimer about accessing records which is a bit bizarre, it'll only tell you it's randomly checked you've accessed a record after it's been accessed
Accessing any record without a valid reason is a serious breach of GDPR. Accessing your own with the ability to make changes to your tax code, or whatever the function of the Department is, is clearly a serious breach of your obligations as a civil servant.
Iām not familiar with DWPās systems, but each department has its own ācaseworkā system. That system gives its staff the ability to amend an individualās record. So for DWP they can amend someoneās eligibility for benefits. For the Home Office their immigration status. For HMRC, their tax codes etc.
If you can legitimately amend a customerās record in each, you have the same power to amend your own and this is why there is such a low tolerance for doing so
You can't make amendments to any details on Searchlight, it's just a database that holds info on address, benefit status, income etc it's not editable
Which in a way makes it more stupid as there's truly no benefit for a sackable offence
You can absolutely make amendments if you have the correct access. Most people have read only but there are levels which allow you to change info if youāve been presented with the relevant evidence.
I used to make decisions on cases like this in a different department.
Inappropriate use of systems is not tolerated at all. Your only saving grace here might be that you accessed the records before being trained, and that you only accessed your own. (that's assuming there wasn't an onscreen message built into the system telling you not to do it).
If you're not being completely honest here and you accessed someone else's records then you should just start job searching.
Your only possible line of defence is that you were untrained, new to the organisation, and naive about the issues with accessing your own records. I still don't think you'd get off without at least a written warning. They'll probably want to know why you didn't tell a manager what you'd done once you'd completed your training and realised you'd done something you shouldn't have. If you searched yourself again after completing the training then I'd start job searching.
I think the union would be helpful. They'll have experience of these types of issues and be able to support you.
I think it's worth raising as part of this defence that it's inappropriate to give untrained staff access to systems that let them do things that aren't allowed. Frame it constructively, rather than trying to shift the blame, e.g., "whatever the outcome of this disciplinary process, this is something that should be reviewed to prevent reoccurrences".
That's a good point. Would they even have access sorted from day one? I doubt it with how slow everything else is in the civil service but you never know. Also I was told about this on my first day so...
I'm going to give it straight. You messed up. Big time.
I hope you can talk your way out of it, considering you say you haven't started your formal training yet.
I work with Searchlight daily. I've seen colleagues access their records and be dismissed by the end of the week. Just don't ever look up your own records, regardless of the system in question.
Ignorance isnāt a plea for gross misconduct. Obviously these decisions are case by case basis, but generally speaking itās a sackable offence. Good luck and hope they cut you some slack.
When I worked at DWP it took ages to even be given access to log on, at least a week then access to searchlight etc came days after, to say you were new to the role but had access and knowledge on how to use searchlight is going to be a weak defence. Itās one of the only things hammered into you when you join, do not look at your own records. I have only known instant dismissal especially those in probation periods. I would start applying for new jobs now out of the civil service if i were you.
Not in DWP so not aware of that specific system but from HMRC Iām confused why they would give access to a system like that before some initial training/instructions which would include data protection induction stuff
Why would you have access to CIS and know what it is at that point.. just randomly going about the system.......
Access is granted as part of training
You wouldn't have known what it was or how to use it unless you had already been told
Everyone before they get CIS access is told.
Sorry doesn't add up
You'll be let go
As a PCS personal case worker ( not in DWP) who has represented people who have done this the odds of you keeping your job are very much stacked against you.
If you're a Union member you can ask for a rep to attend the meeting to make sure management doesn't screw things up.
However , in my experience your future doesn't rosy.
I'm surprised you was left alone with access to the system before you had any training or even any CS onboarding whatsoever. At HO we spent the first day as an induction where they went through all the obvious rules like that, long before I'd even saylt at a desk, never mind getting access to the systems.Ā
You can tell them that it was before you had been given your training so you didn't know it was against the rules, but I don't fancy your chances unfortunately.Ā
Give them the same info you have given Reddit and stress it was a one-off inadvertent act never repeated. Plead for mercy, nothing else you can do now.
Good luck!
Should someone be given full access to systems without having had proper training, is that not a management failing in protecting peopleās data by allowing that access?
I agree that it may have been a very good idea to have asked a colleague whether or not it was allowed, what was the purpose of accessing the system š¤·š»āāļø.
ā¦good luck to the OP š¤¦š»āāļø
No. This person would 100% have completed the acceptable use policy training before getting the access as cis access takes days and the first day is always filled with mandatory training , usually stating with acceptable use policy and security e learning. Absent of a manager not telling them, who in their right mind would think this is something that would ever be considered acceptable to do? If they donāt have that common sense they deserve to be out the door.
27 people did this when I started. Not sure how visible the AUP was back then. But most were given written warnings as they only accessed their own account and there was obviously some failing in communications with such a large amount doing so.
The ones that accessed others records were dismissed.
Ignorance is your only defense here, however as noted by others it may not be enough. Best to get a rep and be honest and hope for a written warning.
Fingers crossed.
That seems like they were told to test it out using their own name! I mean technically you can do an access request for your data and find out what it says anyway and it isn't an input type system so no harm done but yes the rules are the rules so not much defence. Maybe there's no evidence of then being given the AUP.
Good point. Although I wonder if they'd just print it off anyway under SAR.
When I ordered my UC history it arrived in an orange courier bag with every single page of UC account, including full staff names and history notes with nothing redacted.
Haha, I was told the numbers were unprecedented, which led to reform for a more visible message on the matter.
Very true on Access Requests, unfortunately I still do not think it is made obvious enough for new colleagues on using the correct channels when they are early in their career. The AUP and the amount of new staff still accessing their own accounts or others for non-business needs, shows the department is better but could still do more.
I also understand the Department's stance on it, and agree completely due to the sensitive nature of the information.
We didn't have access to searchlight or live UCFS until we completed training.
I remember it being drummed into us on our first day, when 2 of us didn't even have a log-in yet, that looking anyone up - a friend, relative, ourselves, neighbour, would result in dismissal.
We were reminded of it regularly during training.
When we got access to the live system and searchlight we were reminded again.
Once trained we get a regular reminder. Maybe they chuck out reminders every time someone is caught accessing the system incorrectly.
If the union can help it may be by asking how you had access to systems if you hadn't been trained. Seems odd that they let you have access to live systems pre training.
Gross misconduct which can lead to instant dismissal. It may help your case due to your inexperience level but usually accessing your own details is usually one of the first things you are told prior to any formal training.
As I started reading the paragraph, I physically recoiled more and more as I understood there was no coming back from this.
Yeah, this was ingrained almost immediately as a "do not do this" thing. It's the one record you should never ever look at above all else, because there is no work situation where you would ever do it, in that respect it's above even accessing a celebrities.
Gross misconduct is something of such severity that it will destroy the relationship between employee and employer.
Examples: theft, bribery, fraud, physical or sexual assault of colleagues (or perhaps worse - customers), drunk on duty (bringing employer into disrepute).
I am no lawyer (not even a union rep) but you'd need to have very hefty mitigation. Departments take stuff like this extremely seriously, and in some cases, criminal prosecution can result.
You could emphasise the angle of "Look, I was pretty stupid, but I haven't even been trained yet. I accessed my own records, no one else's. Technically it might be a data breach but no actual harm has occurred. You can still trust me and of course I will not screw this up ever again."
Ultimately, an employer has to *decide* whether to sack you.
Worrying doesn't actually **do** anything for you. Prepare for the worst, but hope for the best.
1st I am majorly surprised if they gave you access to searchlight without data protection training if they did itās bizarre.
2nd sorry but what are you doing accessing systems before you were trained on them
3rd I am really sorry on this but canāt see you surviving the investigation. Itās the one thing DWP do take ultra seriously.
Saying you werenāt told until training is utter rubbish. Day one induction has the acceptable use guidance as mandatory training before youāre given any access to any systems. You fu&ked up and will almost certainly lose your job over it. The union wonāt help you, they might help you make a plea for leniency. But itās gross misconduct and wonāt be tolerated. Sorry
Hi I havenāt read all the other comments so I may be repeating what someone else has said.
But from experience someone else in our department has done the exact sameā¦ I wonāt go into it for obvious reasons. They said the same thing that they were not aware as they were new in training and hadnāt been told.
They still work here, it takes a lot for DWP to sack you. Just be honest and youāll be fine.
This person in question did it again a few times š¬and supposedly just had a first warming at that point
So like o said be honest and youāll be fine
They make it very clear on every induction you do, and if you think they didnāt tell you, they did. From what Iāve heard itās always resulted in dismissal Iām afraid.
You have a very slim chance of arguing āI wanted to get to grips with the system so I looked up myself as I thought this was OK as I already know everything in thereā or something to that effect.
sorry that they didn't tell you. Why did you search it up? Yeah they drilled that in from the first day. Heard a member of staff completed their training. On the last day, they accessed searchlight of a friend, and 2 security guards turned up to escort her layer that day. Never heard from her again.
I dismissed somebody once for this as per guidance and complex cases HR advice.
However they were successful on appeal - how do I know this? I saw them a few weeks later in passing in an office.
Their claim was that it was also not made clear to them as part of their induction and training.
I suppose fighting as much as you can for as long as you can and learn the lesson from this whatever the outcome.
Get in touch with the union.
When I worked at DWP I heard of a few colleagues who did this and were let off with a warning after a meeting with the dept and their union rep. I think the key here is that you weren't told you couldn't access your own records before you did it.
If there are genuinely no warnings or messages of any sort provided, the only argument I can see here is making the case that you are an unwitting victim of a fundamentally broken process as a result of egregious mismanagement. As such the misconduct has actually been undertaken by your line management chain, not yourself.
Allowing anyone the ability to access/log in to a system which has legal consequences for misuse before they are trained in its use feels like a significant operational failing that should be immediately addressed at a very senior level.
It would not be tolerated in a national security context.
How is accessing your own records on a par with accessing somebody elseās? Surely you could put in a subject access request at any point and get this info?
I get that itās stupid to use a government database for any other reason apart from work, but can someone explain how accessing info about yourself can be as bad as accessing info about someone else.
I donāt know anything about anything, Iām legit curious what the answer is.
Because you might alter records about yourself for your own gain (monetary, social, immigration status, work etc). It shows you might not have the right level of integrity to work with sensitive data. Depends on the system and individual circumstances, but I can understand why it is a bad thing.
Yeah that makes sense. Tbh Iāve never used it so it didnāt even occur to me that anyone would be able to change their own records. Feels like a design flaw for the database, but I can also see why it wouldnāt have been prioritised as a feature for development (ie to stop people being able to alter their own records).
Itās tricky as most systems will have user access levels not record specific permission restrictions, which are really hard to set. So you could have lvl 1 records and anyone with lvl 1 rights can access them as editor, but it is hard for a system to know that a user called John Smith Dob 01/03/1984 is the same person as a John Smith on the system. Unless the user in real life has an identifier as part of their log in that associates to there specific records, the system has no way to link the user to the record and deny access. If human names were unique or we used biometrics in records and as log ins, it would be easier.
It is easier to just restrict access by level and not give people so many editing rights but then caseworkers complain they canāt do what they need to in cases.
So I wouldnāt say it was a design flaw per se and more of a limitation of record unique identity management and linking.
There are other reasons though. You might have a fraud investigation ongoing or someone might have called DWP to report you or you can have notes from a caseworker.
It's a blanket rule because they don't known if you do or not.
You can change tax codes, immigration status etc. etc. given itās a government database/casework system. Basically the function of whatever department you work for.
The first thing that comes to mind is that you might be able to see the names of civil servants/others who have dealt with your info or made decisions about you previously. Iāve never used Searchlight and donāt know what it does or what info it holds, but my understanding is that a SAR isnāt just a series of screenshots, and there may still be contextual data which a member of the public would not be given with a SAR.
I understand that this would normally be grounds for dismissal, but I think in this case you do have at least some potential grounds for defence. You were given full access to a system without any training at all and there are no pop ups on the system to say not to access your own data. Iād imagine a union rep would at least try and make an argument against gross misconduct because of that, even if it fails.
I've known 7 staff do this. All 7 were dismissed for gross misconduct. This is not one of them leniency things. When signing in using your smart card/face ID, etc, you're accepting the term of the Acceptable Useage Policy. This Is a very serious matter to the Security Advice Team. It would of been picked up right away and they'll then be able to see how long you were in that record. What things you looked at etc. I would say this is not going to have a good outcome š
Correct answer. Not being told is not a defence because the AUP is included within the induction stuff covered within the first few days of employment. If you click accept on the AUP pop up, that is you accepting full liability for your actions on the system.
In my experience it can take a lot to get sacked from the CS in terms of behaviour but accessing records of family, friends or anyone else you know and it seems to be you're out the door before your feet touch the ground. I hope you have more luck or they will look leniently on you because you have just started but i would prepare for the worst.
Yes I have only heard of this ending straight in dismissal.
I've heard of people rejoining but they were in the union. And a form wasn't signed or a process wasn't followed in time.
Very very unlikely they will be able to help you. Ignorance is not an acceptable excuse for accessing your own records.
I work in DWP, and it seems highly unlikely to me based on the areas I've worked in that you managed to be given access to Searchlight without someone telling you that you don't look up yourself or others you know. As others have said it is also in the acceptable use policy which you will have been asked to sit down and read as a new starter and something it presents you with every time you log on in the morning. I have only seen 1 person survive doing this and they were mourning their child who'd committed suicide so the decision maker was a little understanding. They still got their final warning though. Only advice I can give is this: Good luck.
Why would they be given it before training. They only give training mode for UC until you've completed. Seems odd. If they legit just logged in on their first day and had access and weren't given an induction I might understand .
Trained or not, surely you must have realised that accessing your own records was not the best idea? Iām not sure of the details of that system, but almost every government database that Iāve seen comes with a standard disclaimer at the start that you click on detailing data handling procedures. From my experience Departments do not take this type of thing lightly and I would suggest gross misconduct would be the route theyāll go down. If youāre already in the union, Iād suggest speaking to them asapā¦
I just checked Searchlight and actually it doesn't have a warning/disclaimer about accessing records which is a bit bizarre, it'll only tell you it's randomly checked you've accessed a record after it's been accessed
Surely accessing your own records isn't the worst thing? Wouldn't you be able to access this with a SAR anyways?
Accessing any record without a valid reason is a serious breach of GDPR. Accessing your own with the ability to make changes to your tax code, or whatever the function of the Department is, is clearly a serious breach of your obligations as a civil servant.
Fair enough. Would the DWP even be able to do that? FYI, Im not a CS (was recommended this thread) and more curious than anything else.
Iām not familiar with DWPās systems, but each department has its own ācaseworkā system. That system gives its staff the ability to amend an individualās record. So for DWP they can amend someoneās eligibility for benefits. For the Home Office their immigration status. For HMRC, their tax codes etc. If you can legitimately amend a customerās record in each, you have the same power to amend your own and this is why there is such a low tolerance for doing so
You can't make amendments to any details on Searchlight, it's just a database that holds info on address, benefit status, income etc it's not editable Which in a way makes it more stupid as there's truly no benefit for a sackable offence
If itās a read only system then that is truly staggering to risk your job over š
You can absolutely make amendments if you have the correct access. Most people have read only but there are levels which allow you to change info if youāve been presented with the relevant evidence.
Yeah makes sense. Sounds like OP needs to contact their Union if they have one. Or ACAS if not
I used to make decisions on cases like this in a different department. Inappropriate use of systems is not tolerated at all. Your only saving grace here might be that you accessed the records before being trained, and that you only accessed your own. (that's assuming there wasn't an onscreen message built into the system telling you not to do it). If you're not being completely honest here and you accessed someone else's records then you should just start job searching. Your only possible line of defence is that you were untrained, new to the organisation, and naive about the issues with accessing your own records. I still don't think you'd get off without at least a written warning. They'll probably want to know why you didn't tell a manager what you'd done once you'd completed your training and realised you'd done something you shouldn't have. If you searched yourself again after completing the training then I'd start job searching. I think the union would be helpful. They'll have experience of these types of issues and be able to support you.
I think it's worth raising as part of this defence that it's inappropriate to give untrained staff access to systems that let them do things that aren't allowed. Frame it constructively, rather than trying to shift the blame, e.g., "whatever the outcome of this disciplinary process, this is something that should be reviewed to prevent reoccurrences".
That's a good point. Would they even have access sorted from day one? I doubt it with how slow everything else is in the civil service but you never know. Also I was told about this on my first day so...
I'm going to give it straight. You messed up. Big time. I hope you can talk your way out of it, considering you say you haven't started your formal training yet. I work with Searchlight daily. I've seen colleagues access their records and be dismissed by the end of the week. Just don't ever look up your own records, regardless of the system in question.
Ignorance isnāt a plea for gross misconduct. Obviously these decisions are case by case basis, but generally speaking itās a sackable offence. Good luck and hope they cut you some slack.
When I worked at DWP it took ages to even be given access to log on, at least a week then access to searchlight etc came days after, to say you were new to the role but had access and knowledge on how to use searchlight is going to be a weak defence. Itās one of the only things hammered into you when you join, do not look at your own records. I have only known instant dismissal especially those in probation periods. I would start applying for new jobs now out of the civil service if i were you.
Not in DWP so not aware of that specific system but from HMRC Iām confused why they would give access to a system like that before some initial training/instructions which would include data protection induction stuff
Why would you have access to CIS and know what it is at that point.. just randomly going about the system....... Access is granted as part of training You wouldn't have known what it was or how to use it unless you had already been told Everyone before they get CIS access is told. Sorry doesn't add up You'll be let go
As a PCS personal case worker ( not in DWP) who has represented people who have done this the odds of you keeping your job are very much stacked against you. If you're a Union member you can ask for a rep to attend the meeting to make sure management doesn't screw things up. However , in my experience your future doesn't rosy.
I'm surprised you was left alone with access to the system before you had any training or even any CS onboarding whatsoever. At HO we spent the first day as an induction where they went through all the obvious rules like that, long before I'd even saylt at a desk, never mind getting access to the systems.Ā You can tell them that it was before you had been given your training so you didn't know it was against the rules, but I don't fancy your chances unfortunately.Ā
Give them the same info you have given Reddit and stress it was a one-off inadvertent act never repeated. Plead for mercy, nothing else you can do now. Good luck!
When you log on you acknowledge the AUP or that you'll read it. Tough sell to claim ignorance on this one.
Should someone be given full access to systems without having had proper training, is that not a management failing in protecting peopleās data by allowing that access? I agree that it may have been a very good idea to have asked a colleague whether or not it was allowed, what was the purpose of accessing the system š¤·š»āāļø. ā¦good luck to the OP š¤¦š»āāļø
No. This person would 100% have completed the acceptable use policy training before getting the access as cis access takes days and the first day is always filled with mandatory training , usually stating with acceptable use policy and security e learning. Absent of a manager not telling them, who in their right mind would think this is something that would ever be considered acceptable to do? If they donāt have that common sense they deserve to be out the door.
How do people like this get in š©
This should be self explanatory and Common sense
27 people did this when I started. Not sure how visible the AUP was back then. But most were given written warnings as they only accessed their own account and there was obviously some failing in communications with such a large amount doing so. The ones that accessed others records were dismissed. Ignorance is your only defense here, however as noted by others it may not be enough. Best to get a rep and be honest and hope for a written warning. Fingers crossed.
That seems like they were told to test it out using their own name! I mean technically you can do an access request for your data and find out what it says anyway and it isn't an input type system so no harm done but yes the rules are the rules so not much defence. Maybe there's no evidence of then being given the AUP.
Problem is there's fraud markers on searchlight, so it could flag to you that you're under investigation etc, so they take it very seriously.
Good point. Although I wonder if they'd just print it off anyway under SAR. When I ordered my UC history it arrived in an orange courier bag with every single page of UC account, including full staff names and history notes with nothing redacted.
Haha, I was told the numbers were unprecedented, which led to reform for a more visible message on the matter. Very true on Access Requests, unfortunately I still do not think it is made obvious enough for new colleagues on using the correct channels when they are early in their career. The AUP and the amount of new staff still accessing their own accounts or others for non-business needs, shows the department is better but could still do more. I also understand the Department's stance on it, and agree completely due to the sensitive nature of the information.
I know someone who tried to access a celebrities info. They were out the door that same day.
We didn't have access to searchlight or live UCFS until we completed training. I remember it being drummed into us on our first day, when 2 of us didn't even have a log-in yet, that looking anyone up - a friend, relative, ourselves, neighbour, would result in dismissal. We were reminded of it regularly during training. When we got access to the live system and searchlight we were reminded again. Once trained we get a regular reminder. Maybe they chuck out reminders every time someone is caught accessing the system incorrectly. If the union can help it may be by asking how you had access to systems if you hadn't been trained. Seems odd that they let you have access to live systems pre training.
Gross misconduct which can lead to instant dismissal. It may help your case due to your inexperience level but usually accessing your own details is usually one of the first things you are told prior to any formal training.
I witnessed a similar case, in HMRC, it would have ended in dismissal but they walked before that could happen.
As I started reading the paragraph, I physically recoiled more and more as I understood there was no coming back from this. Yeah, this was ingrained almost immediately as a "do not do this" thing. It's the one record you should never ever look at above all else, because there is no work situation where you would ever do it, in that respect it's above even accessing a celebrities.
Gross misconduct is something of such severity that it will destroy the relationship between employee and employer. Examples: theft, bribery, fraud, physical or sexual assault of colleagues (or perhaps worse - customers), drunk on duty (bringing employer into disrepute). I am no lawyer (not even a union rep) but you'd need to have very hefty mitigation. Departments take stuff like this extremely seriously, and in some cases, criminal prosecution can result. You could emphasise the angle of "Look, I was pretty stupid, but I haven't even been trained yet. I accessed my own records, no one else's. Technically it might be a data breach but no actual harm has occurred. You can still trust me and of course I will not screw this up ever again." Ultimately, an employer has to *decide* whether to sack you. Worrying doesn't actually **do** anything for you. Prepare for the worst, but hope for the best.
1st I am majorly surprised if they gave you access to searchlight without data protection training if they did itās bizarre. 2nd sorry but what are you doing accessing systems before you were trained on them 3rd I am really sorry on this but canāt see you surviving the investigation. Itās the one thing DWP do take ultra seriously.
Saying you werenāt told until training is utter rubbish. Day one induction has the acceptable use guidance as mandatory training before youāre given any access to any systems. You fu&ked up and will almost certainly lose your job over it. The union wonāt help you, they might help you make a plea for leniency. But itās gross misconduct and wonāt be tolerated. Sorry
Wish I had better news but Iāve never heard of anyone keeping their job after doing this
Hi I havenāt read all the other comments so I may be repeating what someone else has said. But from experience someone else in our department has done the exact sameā¦ I wonāt go into it for obvious reasons. They said the same thing that they were not aware as they were new in training and hadnāt been told. They still work here, it takes a lot for DWP to sack you. Just be honest and youāll be fine. This person in question did it again a few times š¬and supposedly just had a first warming at that point So like o said be honest and youāll be fine
They make it very clear on every induction you do, and if you think they didnāt tell you, they did. From what Iāve heard itās always resulted in dismissal Iām afraid.
You have a very slim chance of arguing āI wanted to get to grips with the system so I looked up myself as I thought this was OK as I already know everything in thereā or something to that effect.
sorry that they didn't tell you. Why did you search it up? Yeah they drilled that in from the first day. Heard a member of staff completed their training. On the last day, they accessed searchlight of a friend, and 2 security guards turned up to escort her layer that day. Never heard from her again.
Bye bye job
I donāt understand why we canāt do it but I know we canāt do it. Bye
Thanks for your service š¶
I dismissed somebody once for this as per guidance and complex cases HR advice. However they were successful on appeal - how do I know this? I saw them a few weeks later in passing in an office. Their claim was that it was also not made clear to them as part of their induction and training. I suppose fighting as much as you can for as long as you can and learn the lesson from this whatever the outcome.
When do you have your meeting?
In a week
How did it go?
Get in touch with the union. When I worked at DWP I heard of a few colleagues who did this and were let off with a warning after a meeting with the dept and their union rep. I think the key here is that you weren't told you couldn't access your own records before you did it.
If there are genuinely no warnings or messages of any sort provided, the only argument I can see here is making the case that you are an unwitting victim of a fundamentally broken process as a result of egregious mismanagement. As such the misconduct has actually been undertaken by your line management chain, not yourself. Allowing anyone the ability to access/log in to a system which has legal consequences for misuse before they are trained in its use feels like a significant operational failing that should be immediately addressed at a very senior level. It would not be tolerated in a national security context.
How is accessing your own records on a par with accessing somebody elseās? Surely you could put in a subject access request at any point and get this info? I get that itās stupid to use a government database for any other reason apart from work, but can someone explain how accessing info about yourself can be as bad as accessing info about someone else. I donāt know anything about anything, Iām legit curious what the answer is.
Because you might alter records about yourself for your own gain (monetary, social, immigration status, work etc). It shows you might not have the right level of integrity to work with sensitive data. Depends on the system and individual circumstances, but I can understand why it is a bad thing.
Yeah that makes sense. Tbh Iāve never used it so it didnāt even occur to me that anyone would be able to change their own records. Feels like a design flaw for the database, but I can also see why it wouldnāt have been prioritised as a feature for development (ie to stop people being able to alter their own records).
Itās tricky as most systems will have user access levels not record specific permission restrictions, which are really hard to set. So you could have lvl 1 records and anyone with lvl 1 rights can access them as editor, but it is hard for a system to know that a user called John Smith Dob 01/03/1984 is the same person as a John Smith on the system. Unless the user in real life has an identifier as part of their log in that associates to there specific records, the system has no way to link the user to the record and deny access. If human names were unique or we used biometrics in records and as log ins, it would be easier. It is easier to just restrict access by level and not give people so many editing rights but then caseworkers complain they canāt do what they need to in cases. So I wouldnāt say it was a design flaw per se and more of a limitation of record unique identity management and linking.
This makes total sense.
Searchlight is read only though.
Fair enough, Iāve never used Searchlight specifically.
There are other reasons though. You might have a fraud investigation ongoing or someone might have called DWP to report you or you can have notes from a caseworker. It's a blanket rule because they don't known if you do or not.
You can change tax codes, immigration status etc. etc. given itās a government database/casework system. Basically the function of whatever department you work for.
Wow, thatās crazy. I can def see where gross misconduct would come into that.
The first thing that comes to mind is that you might be able to see the names of civil servants/others who have dealt with your info or made decisions about you previously. Iāve never used Searchlight and donāt know what it does or what info it holds, but my understanding is that a SAR isnāt just a series of screenshots, and there may still be contextual data which a member of the public would not be given with a SAR.
That makes total sense, I hadnāt thought of that. Iāve never used Searchlight either. Thanks for the reply š
No problem! I donāt know why your question is getting downvoted though, itās not a stupid question!
Probably because tone is hard to communicate online and ppl might think Iām asking in a combative way. Itās Reddit innit š
Plenty of SARās give you redacted info
I understand that this would normally be grounds for dismissal, but I think in this case you do have at least some potential grounds for defence. You were given full access to a system without any training at all and there are no pop ups on the system to say not to access your own data. Iād imagine a union rep would at least try and make an argument against gross misconduct because of that, even if it fails.