It hasn't quite come to it yet, but i'd like some advice on Unfair dismissal laws

Problem started months ago at work, when people kept changing settings on the PC's we use, namely sounds, volume and display settings

Then last week, someone deleted shortcuts to all our programs we use, along with some programs from other pcs (Scanner programs)

Now, I work from 2 - 10PM, as do two others I work with (1 normal employee, 1 supervisor)
At the time the files were deleted, we were doing non computer work (Manual stuff)

But, the manager who works downstairs, insisted it was us, because we're the only people with a background in IT, even though the evidence at hand showed it was done BEFORE we were on the pc's and doing other work.

So we go to use the PC's at roughly 4PM and find all our programs and links gone, the IT guy on site helps us fix the problems, which were on about 10 pc's alltogether.

So we're dragged into a meeting (me, my colleague and my supervisor) because they had evidence we'd deleted shortcuts on one pc, which was true, my colleague and supervisor removed 3 redundent shortcuts that never worked anyways and we got a lecture on how it was none of our business to be messing with shortcuts.

Today, we get dragged into a very short meeting and are told we're being suspended for 7 days because further events have happened (System files being deleted on other pc's)

So me and my colleage are suspended
They have NO proof we did anything, they have no tracking software of any kind and they have no clue when or how it was done, yet we get suspended anyways, pending an "Investigation"

So with that said, can someone offer any advice?
If we do get fired for suspicion, can we sue?

Event viewer?

Does the event viewer log file/folder deletions? I don't see anything in my event viewer?

If we do get fired for suspicion, can we sue?Absolutely.........in fact, atm, you could probably leave and then take them to an industrial tribunal for constructive dismissal.........but I wouldn't recommend that as it's very stressful
__________________

Does the event viewer log file/folder deletions? I don't see anything in my event viewer?I don't know. Check it.

Restore point, but how they can they accuse anyone without specific evidence is beyond me. :(

I don't know. Check it.

Yea I did, it only logs system messages and system info, not file modifications/deletions
That was my first guess when everything went wrong, but they said no there was nothing in there

If you really want to mess things up for them you go to your GP claiming stress and get given antidepressants and then go sick with stress(assuming you get pay when on sick).............then, when you take them to tribunal (assuming you win) you get a sympathetic hearing and more of a pay-out.
__________________

Restore point, but how they can they accuse anyone without specific evidence is beyond me. :(Whats listed in restore point? :dunce:

I doubt they know how to use that restore feature, heh

As for stress, you're not far wrong, what with my dad allmost dying a few times and this rubbish at work, I am stressed :P

A case for constructive dismissal is a hell of a lot harder to prove than unfair dismissal... so stick with it and if you get fired, then get advice about pursuing a claim then.

Are you suspended with/ without pay? It is perfectly reasonable for a compy to suspend people on full pay while an investigation goes on, but i am not sure of the legal position of doing this without pay...

I assume, they have no security7 etc on the PC's Iwould personally demand they proveyou are to blame forthis, any company using computers with multiple users should have adequate security set up to stop this from being allowed to happen, its not difficult or expensive to set up.

They should spend a little time sorting out there 'IT Policy' rather than sacking/suspending people over this...
__________________

In other words if this where to go to tribunal, unless they have CCTV/witness's etc.. I cannot see how you could lose..

how pathetic. obviously you have a prankster, mischieft maker etc in your company. they should be taking steps to covertly trap this person not implicate innocent staff. deleting shortcuts etc is hardly earth shattering - the only crime is that valuable time has been lost fixing it.

they should be tightening up things by putting passwords on all the pcs and setting up system restore plus implement a policy where you must logout whenever you leave your pc unattended. problem solved. system files etc can only be deleted if someone is logged in so if you have passwords setup it should stop this also. they should also install CCTV.

enjoy your suspension, make sure you get paid to be at home in the sun and if you dont go and see citizens advice.

It's your employers responsibility to secure their terminals correctly, if someone had been deleting shortcuts before now then the Admin of the system should have either secured the basic profile that was being tampered with or should have started tracking deletion events on that profile. There are ways to track activities like that built into Windows XP Pro and Server 2003, all you have to do is set the correct parameters for it.
If your system is not secured correctly then the company (the sys admin to be precise) is at fault here not you. When it first occured they should have checked the permissions on the accounts in use and tightened them up properly. How someone has managed to delete system files I don't know as depending on operating system they should be protected from this.

Has the general office been made aware of your dismissal? If not, surely all you have to do is to sit at home and wait for it to happen again?

My advice for what it's worth is to make a note of everything that has happened and in future keep a diary of any other incidents. This will be useful should things go to a tribunal.

If you are stressed and it is work related you should formally advise your employers who then, I understand, have a statutory duty to take steps.

Good luck with it. Sounds like your employer is as petty and pathetic as my last (well the IT director of my last).

An employer can suspend any employee for any reason they want. They can dismiss any employee for any reason they want. A dismissed employee can put a claim for unfair dismissal before an Employment Tribunal. The claim could be that the employer hadn't followed the correct grievance procedure and / or the offence wasn't a dismissable offence or you were not guilty of commiting the offence. If the Tribunal decides that your dismissal was unfair you will receive compensation and the Tribunal may direct that you should be reinstated. The employer does not have to reinstate you however but if they don't you will be eligible for additional compensation. The problem with unfair dismissal though is that even if a Tribunal finds in your favour potential future employers may take the view that there is no smoke without fire and not consider your application.

You do not actually have to be dismissed to claim unfair dismissal. You can claim constructive dismissal if your employers conduct is such that it makes you resign.

They really have no idea how to setup propery security at ths work place
Everyone uses the same windows XP (Local) login, so that's why they can't trace who did it and when
Everyone has administrator rights on the PCS and on the LAN

I am sorry about this, how long have you been employed??? As I had a carry on with a previous employer, but the solicitor could not do anything as it was less than 12weeks, if it is more than 12 weeks I would go for legal advice and the first 30 minutes is free.

They really have no idea how to setup propery security at ths work place
Everyone uses the same windows XP (Local) login, so that's why they can't trace who did it and when
Everyone has administrator rights on the PCS and on the LAN

That's staggering. Where I work, our network would last less than a week if we allowed the users admin rights. I realise our system is a little larger than yours (multiple servers, 300 PCs for students and hundreds of PCs for staff). Where I work, there are 4 domain admins (who have admin rights over everything), several administrator (who administer the student machines) and all members of staff get admin rights over their own machines. The students get no admin rights at all (unless they have a prior arrangement for a project). All users have unique accounts, and all domain and student lab administrators have two accounts (one normal, and the other with their admin rights). Our system would be way over the top for your needs, but your company should at least enforce user accounts.

Surely the company is treading a thin line with the DPA if everyone is working using the same Admin account?

Dunno if this might be of any help: http://www.dti.gov.uk/er/individual/rights-pl716.htm

Surely the company is treading a thin line with the DPA if everyone is working using the same Admin account?

I honestly don't know, but every machine there has an admin login to the machine itself (Local, admin logon)
To add to that, from what i've seen, every machine has it's C drive FULLY shared with the whole network, and, all the servers have full read/write permissions granted to the local admin logon
So anyone with half a brain and ability to use explorer, could delete anything on any machine and on any server.
But, myself and my colleagues are being singled out because we come from an IT background and they claim no one else could possibly have done it...er....it doesn't take an IT certificate to delete a folder, shortcut or file last time I checked.
__________________

but your company should at least enforce user accounts.

I fully agree, but they have no server side user accounts, least, we don't log onto a NT/Win2k domain controller, it's basically an open network, a disaster waiting to happen

a disaster waiting to happen

Sounds to me like it's waiting no more.....

Heh well with all that said, 2 weeks on allmost and they haven't put in user accounts, nor restricted access to the server, or other pcs, OR put in permissions on files/folders.

So you work for a company running a windows file and printer sharing network, sounds like they need to go buy one of these.

http://www1.euro.dell.com/content/products/productdetails.aspx/pedge_sc420?c=uk&cs=ukbsdt1&l=en&s=bsd

www.dell.co.uk EValue Code NPIUK4-PE614201

With Windows 2003 Small Business Server installed on it and get configuring.

I honestly don't know, but every machine there has an admin login to the machine itself (Local, admin logon)
To add to that, from what i've seen, every machine has it's C drive FULLY shared with the whole network, and, all the servers have full read/write permissions granted to the local admin logon
So anyone with half a brain and ability to use explorer, could delete anything on any machine and on any server.
But, myself and my colleagues are being singled out because we come from an IT background and they claim no one else could possibly have done it...er....it doesn't take an IT certificate to delete a folder, shortcut or file last time I checked.


from what you've said, it sound far more like a nonce without a clue in the world just randomly doing things rather than someone who knows what (not) to delete. I'm sure that if the system is as open as you say then you and your colleagues could have a field day in there. Couple of system files pah! I want the server's to scream for mercy before I'm done bwwwhahahaha! Ahem.

As for the company suspending you, I'd make the most of the paid time off and demand a full apology when you return along with proof that none of this is on your record. If your bored, spend a day or so writing up the timeline of what happened while its still fresh in your mind e.g.

16th May 3:45 clocked in and started processing boring paper work with mr A and Miss B
16th May 4:04 PM files X,Y, and Z deleted from the system
16th May 5:12 Finished the paper work and logged onto the system to update records as per boring paper work.

I have to be honest, it looks like you might well get your day in court. Baseless accusations against you which the company has absolutly no way of proving... have you upset the IT department recently ? (You know like suggesting things like they do their job properly and securing access) The problem here is that is they're willing to suspend you without proof* just because you know a bit about IT then it sounds like someone in the company thinks you are a threat and rather than try to resolve this sensibly they are looking to make you the scapegoats.

Hope it all turns out well for you though...

Scarlett

*sorry without proof that might stand up in court, 'He was in the building when it happend' ain't gonna cut the ice.

Oh and if they think about surveilance, then it cannot be specifically on you - it must be on you and your peer group.

e.g you cannot accuse someone of poor timekeeping without comparable records for others in the same team.

Well our team leader is on our side in this, although there's little that can be done from his end, but he's as annoyed (to put it lightly) as we are
He's looking for another job

But he told me a day or so after the original "meeting", that the manager considered my colleage a threat to the company and apparently was going to do background checks on him.

Perhaps you need an IT manager to put the system all right, perhaps you can put yourself forward for the job, that could be a brighter side :D

However, you might like to look for alternative employment at a company that does things properly rather than a bunch of cowboys.

Heh, I agree
We have 1 IT guy on site, just shows how poorly run the place is, but he does more programming than anything.
It isn't an overly large company by any means, but it sure does need a shakeup.

The company wil have a hard time firing you if they have no evidence.
Not unless they are willing to lose an unfair dismissal court case.

However they must have something, they wouldnt be stupid enough to suspend you with nothing. Normally a suspension is to stop you removing any possible further evidence.
They then should formally advise you of a disciplinary hearing.
Before the hearing they MUST present you the evidence for you to base your defence.
Failure to comply will again leave them wide open for legal action.

It seems had the company even the slightest idea of how to run and administer the network they wouldnt have been able to get into this mess. Where I work we cant do **** without it being discoverable (should they choose to look for it).

Your only option is to see what the evidence is, if you are not named in any of it demand an apology in writing.

If you have done anything then its usually best to hold your hands up and say "hey I screwed up it was a genuine mistake".
They cannot however discipline you on somehting thta comes to light during your disciplinary, for example it must only be to do with the removal of files and shortcuts (shortcuts is hardly a disciplinary matter btw)

Its much more likely that they know exactly who did it and need to stop others, such as yourself from hiding anything.

what does your company do? I assume it's a place where IT is a 'side line' for running the accounts or whatever and it's more "computers" than "IT". for example a car dealership for example with a few shops and one site running the 'accounts'. sounds like a culture change is required. I'm sure if you go to tribuneral in the unlikely event you are fired, there will be at least one offer of an 'expert' witness from here to appear at your tribuneral to explain the fact that Joe Blogs off the street could have popped in and done the IT hacks.

The fact is - anyone who has access to the room you use could have done this or assuming it's networked then anyone who has access to any pc on the network. and if it's on the internet perhaps even an outside hacker. I assume if they're on the internet then they dont have a firewall!

Well that's the problem i'm having, the supervisor himself told the manager, we didn't do it
We weren't near any of the pc's that were sabotaged nor were we on ANY PC's during the time the stuff went missing.
There's probably about....50 pc's on site, probably more
The place I work at deals with "document management" and "correspondence scanning"
Basically we scan stuff and input data
Anyone there, can do damage to the system, because every pc has admin rights on the network.

There's some handy info here: http://www.emplaw.co.uk/emplaw/employeehome/employee.aspx

<snip>
The place I work at deals with "document management" and "correspondence scanning"
Basically we scan stuff and input data
Anyone there, can do damage to the system, because every pc has admin rights on the network.
For others? This means your DPA requirements and probably the requirements in your contract are even higher than just having your won data on site.

Yea, we deal with check processing, billing processing and other stuff for major companies, including NTL.

You must insist on having the allegations in writing, AND you must insist on seeing all the evidence they have against you.

You're entitled to this, although many employers will try to say you are not.

I doubt I could do much unless I got fired, but if they say i've now got a mark on my employement record, then i'll demand proof
If they do put a mark on it and have no proof (which they wont have) , I don't see what options i'd have, legally

I find it amazing that any business where computer use is clearly so important to it's function can be so cavalier, in this day and age with it's IT systems. But it does seem to happen very frequently. Bottom line is that your organisation does not have anything that could even remotely be called an IT Manager. It is wide open to abuse accidental or wilful and this could take place at any time, by any user, on any PC. The company should be very concerned at the continued weaknesses that these incidents are highlighting and get off their backsides to address it. It's not difficult.

No doubt with a company that lax on it's IT policies, a large proportion of it's software will be inadequately licenced. They need to be very concerned about the protection of their data.

As for your own situation, stick to your guns, maintain you were nowhere near the computers at the times of the alleged issues, which is backed up by your supervisor, ask to see your personel file to ensure there are no unfair records on it.

Well, I should be getting a written letter tomorrow or the day after with the results of their stupid investigation

If you think its unfair and you dont' have a union or anyone to help you at work you could always call in ACAS. They are pretty good at advising and its free. The link is here (http://www.acas.org.uk/)

Sian

When you do return to work, you should insist that the PC that you use to work on is rearranged so that there are seperate desktops and logins per person, that all desktops have admin rights removed &that proper system security is put in place.

Use this as an example of what happens when they do not have this in place.

If needs be complain to the company directors themselves.

Given what you do there I'd have thought that the customers would not be very happy if this got out to the press. The DPA can be breached so easily if it's not secure.

Got the official letter this morning.

Titled Suspension pending further investigation.

Main part went on to say

Further to your meeting with (managers name) and (supervisors name)
I am writing to confirm that on (suspension date) you were suspended on full pay pending further investigation into allegations of malicious damage to company property.
These allegations, if substantiated, would breach company disciplinary and principles procedure and result in disciplinary action being taken

It goes onto say a full investigation will be conducted quickly and thoroughly as possible in order ot ensure that the period of tiime you remain suspended is kept to a minimum and says i'll find out the result of the investigatoin no later than sunday

Any thoughts? heh

"allegations of malicious damage to company property"

I suggest you wait until this is complete and then if they claim it is substantiated go see citizens advice. It could be they have suspended you and others in order to clear out the department for a few days as they know it's one of you and dont want that person to cause any more damage.

very stressful - have you worked there long?
__________________

oh and I suggest a tip off to 'fast' come monday morning if they are continuing with this.

"allegations of malicious damage to company property"

I suggest you wait until this is complete and then if they claim it is substantiated go see citizens advice. It could be they have suspended you and others in order to clear out the department for a few days as they know it's one of you and dont want that person to cause any more damage.

very stressful - have you worked there long?
.

Worked there since November last year

And yea, it is stressful

But what gets me is, the only proof they had of one of us "Sabotaging" the system, was two print screens of a recycle bin with 3 shortcuts and 2 WAV files in it, that was the "proof" they had of us doing wrong and we had to sit through a 45minute meeting to be lectured on how it isn't our job to mess with shortcuts or deleting them, lol
The shortcuts were allready in the recycle bin as they'd been deleted in the past because the programs never existed, but my supervisor restored them, realised they didn't point to anything, so he then redeleted them.

Ironic thing was, my supervisor and colleage were the ones that admitted to doing it freely, I wasn't even involved, yet I was dragged into it to.
If anything, this borders on discrimination, discriminating against the fact all three of us have IT backgrounds, hehe.

Sorry but your company seriously needs to address its failure to secure it's systems properly. Any half decent admin would be able to secure that desktop in a matter of minutes and if it had happened repeatedly the admin could have taken steps to trace the culprit. Does the company you work for actually know what the DPA is?

Hmm, so the one place they have evidence is a user deleting icons off the specific machine they were working on. Of course as this is a wide open windows file and printer sharing network anyone can delete anything from anywhere and because they are not doing it locally it will not go to the recycle bin.

FAST is not the only place I would call here. If this gets messy then a call to the Data Protection Registrar (or whatever she is called these days), and a quick review of your customers terms and conditions (to their customers) and how this does not fit in with the data protection requirements of the firm they subcontract to.

They need to shape up.

deleting a shortcut is not and cannot be considered malicious damage. A shortcut is exactly what it says it is, a small icon that links to the master file.

Anyone, without admin rights can delete a shortcut, they tend to be user created.

Evidence in the recycle bin proves nothing, it wont even show who put it there.

Wait for the result of the investigation, if they then decide to discipline you, ask for the evidence and state they MUST give you 7 days with this evidence so you can adequatly prepare your case.

Do not and I repeat DO NOT act cocky, sometimes if you have done somehting that is really small they will give you a verbal warning, being cocky can quickly escalate this to a first and final or dismissal if it can be termed gross misconduct.

I recently went through it myself because of the words Heh heh on an email.
Aparently it was gross misconduct because it made the company look bad. I got a first and final, and really I should have been sacked on the spot as it is gross misconduct in the companies terms and conditions of employment.

I took it on the chin and said that even though it looked bad it wasnt intended to and the only thing I was guilty of was not stopping to consider what I said before saying it.

As i said before, get a copy of the companies disciplinary procedure, take someone not connected with the investigation in to the hearing with you, take a union rep if you have one. Be calm, state your case, and if you can rip their "evidence" to pieces. Be firm and not cocky.
If they try and introduce anything else other than what is in the letter, YOU terminate the proceedings and explain exactly why, make sure it is in your minutes and the official minutes.
If they have no evidence against you, question exactly why they are proceeding with this course of action against you.

And when its all over, request a copy of your employment record to be sure they havent entered anything unsavoury there.

Also you could do as others have said and site data protection in your case and the companies lack of it.

If its going really really badly and you are going to lose your job, blow the lid on the company, embarras them to their clients and seek unfair dismisall.

At the hearing you must ensure you have a colleague on your side of the proceedings. I would recommend that this is the most senior person in the firm you can find that is on your side, this is at least your supervisor and if you can get it to be their supervisor all the better. It looks much better in a hearing if you have support from on high, not just a mate with you.

TW answered how to handle yourself, wait your turn to speak don't try to talk over people, answer clearly and consisly and don't expand on their question unless it benefits you. The story so far makes their case sound flakey.

If part of the return to work results in increased supervision then that must be applied equally to your peer group, not specifically to you.

Yea, we deal with check processing, billing processing and other stuff for major companies, including NTL.

:Yikes:

Please tell me that there is no chance that any of my personal details could have passed through your company.....

Please tell me that there is no chance that any of my personal details could have passed through your company.....

I personally dont' deal with or get involved with the billing processing or check processing side of it and am not to familiar with how the system works
But, the pc's that the work is done on, are the same as the others in the work place, same admin type logon, same openness on the network.

But I honestly don't know how the data is stored or transfered
From what i've seen of their system, they all do the same thing
The stuff is scanned and input and it gets transfered to a server downstairs, and at the end of the day, the data is zipped up and sent across the internet to the respective companies, or something like that.
__________________

My problem throughout all of this is this

During the first meeting, they openly admitted they have NO way of tracking when the damage was done, by whom, or how
There's obviously many ways it could've been done, at the PC itself, or remotely across their open network.
They claimed they were "taking steps" to ensure everything is tracked, yet, 2 weeks on, it's still the same
Each PC has 2 logins, Administrator and another admin account (different name)
It'd be logical to assume the main admin account could've set permissions for the 2nd one for every folder/file, so it couldn't be deleted, right?
At least, that's my understanding of the whole NT/XP security settings.
Their only arguement and "proof" that we were responsible, was that we are the only ones with an IT background and no one else is capable of deleting programs/folders or shortcuts.
That's a load of rubbish in my opinion, if someone can click on an icon, they can just as easily right click and select "Delete"
It's not rocket science

Sounds it - so you process allocations of cheques and other payments onto the NTL billing system. Hmm, what does NTL say about its own data protection.

7. Looking After Your Data

ntl is committed to data security. We have implemented technical, managerial and operational security, rules, procedures and measures to ensure that your personal information is held within operating environments that are not available to the public. We take steps to guard against unauthorised access, improper use, alteration, destruction and accidental loss of personal data. This includes rules for all ntl staff with access to the servers or databases that hold your personal information. Although we make every effort to create a secure environment for your personal information, ntl cannot guarantee the safety of any personal information you transmit to ntl online.

9. Contacting Us

If you have any questions or concerns about our use of your personal information you should write in the first instance to ntl's Group Compliance Officer at the address below or email us at privacy@ntl.com. Please use this address to let us know of any experience with privacy problems you may have with any of the sites to which our services link.

Group Compliance Officer
ntl
Bartley Wood Business Park
Hook
Hampshire
RG27 9XA

Information Commissioner

If you want to learn more about your rights regarding personal data you should contact the Information Commissioner's office information line on 01625 545745 or visit their web site at www.informationcommissioner.gov.uk.

Hmm, so the one place they have evidence is a user deleting icons off the specific machine they were working on. Of course as this is a wide open windows file and printer sharing network anyone can delete anything from anywhere and because they are not doing it locally it will not go to the recycle bin.


Correct
And that's why they're in the wrong
I stated to the supervisor after the meeting, that one of us would've had to have been at each of the pc's which had stuff sitting in the recycle bins, yet managers would't believe that
Them and their "vast" IT knowlege (sarcasm) don't know how windows works obviously, they just stuck to their arguement that "you have IT backgrounds, you did it"

The ironic thing is, I was trying to get an IT support role there, and asked about a month ago and sent my CV in
And during my spare time at home was in the process of writing up an online procedure manual for each of the systems they use there.

(The company has NO manuals on how to operate each system/program and each new employee has to learn as they go along, lol)

I sent in an email to the manager after I got home from being suspended that if I was trying to make a career in the place and was going out of my way to help them out in my spare time, why would I sabotage the place?
__________________

Yea, we basically process checks and complaints (i think complaints) that people send in for various companies, including NTL, I think Seeboard and quite a few more.

how about taking a dictaphone in with you , it might make them think twice about what they try to shaft you with ;)

Do they have modem access?

Care to pass on the number? lol

Uh no :P

I was only kidding, the dictaphone is a good suggestion though, take one in any meetings you now have.
Even if the others do not know it's there, it can be handy.

AdamD - keep us up to date with this will ya? I'd loveto know the outcome of this! For what you say about the network being open it could have been the cleaner...!!

Good luck!

Lee

Another thing, what's the external access control like?

Is there a rigourously controlled access, with RFID or swipe cards, or could any Tom Dick or Harry wander into the department?


From the sound of it, if the true state of this place were known, they'd lose every contract they have.

The security is standard code pad entry on the outer doors and on the inside ones.
Ironically, there's been times when the number's been changed, i've come into work, buzzed for someone to let me in and they've done so without asking who i am, lol

Never attribute to malice that which can be adequately explained by stupidity

Just got a phone call from the manager, they've concluded their investigation and concluded that I wasn't responsible
She apologised and said they want me back if I want to come back.
So I restart work Monday...joy

*starts job searching*

Just got a phone call from the manager, they've concluded their investigation and concluded that I wasn't responsible
She apologised and said they want me back if I want to come back.
So I restart work Monday...joy

*starts job searching*

Christ - the brains of upper management took them that long to work it out?

Now you can go off work on some stress related illness!

Good luck on Monday - let us know how you get on!


Lee

Glad to hear that it's sorted. Hopefully the situation can now be put behind you and you can return to a normal working environment, but not doubt there will be a bit of an atmoshpere for a while. Just keep your head down, get on with the job, and take your time to find another job where your skills might be appreciated.

And of course if they do want help implementing a better IT security policy, I'm sure this thread will have given you plenty of ideas for suggestions as to what they are doing wrong!

Glad to hear that :tu: I went through a similar thing years ago and I know how bad it makes you feel...

Let us know how it goes on Monday.... Oh and ask them the outcome of there * internal * investigation....

I think it's as another poster pointed out, they suspended us to see wether more files would get deleted when we were gone.

I have no idea what their invesitgation turned up with though, as they had nothing to go on.

You should be demanding a written apology & to see your employment record so that you can confirm that nothing negative has been put in it.

It's a disgusting way to treat you.

Make sure that you make the point to them that now they MUST install some proper security measures on the system.

This is just one of the problems i've had working for this company

I used to work 20 hours a week and changed to a full time position at the beginning of April
April's payday came and went, still on a 20 hour week wage, may's payday came and went, STILL on a 20 hour a week wage, I can only hope I actually get paid for fulltime hours and get my backpay this paycheck.

Oh well, I just hope I can find a new job

theres always the small claims court if they arent paying you.

And if they arent paying you for full time hours then you are obliged to be there for full time hours.

Just a quick update

One of the people who was suspended with me, got asked to come into a meeting on Monday
They presented evidence that they thought he was responsible for the sabotage, but the evidence was circumstantial, i.e, because he was near or on an PC, he got blamed
Instead of fighting it, he quit, so maybe he did do it.

So it's been some 3/4 weeks since the original sabotage took place, I bet some of you are wondering wether security has improved or not, well..

It's actually got worse, if you can believe it
We're still using a universal logon, a logon who's password never changes and is the same as the user name.
File/folder security settings are still the same on both pc's and servers.
There's no obvious restrictions in place, shortcuts are being renamed and created by day staff members
Desktop themes, screensaves and sound schemes are being changed during the day, and nothing is done about it

To make matters worse and this will probably shock some of you
The main office door on the 1st floor, is held open during the day with a fire extinguisher, so anyone who can gain access to the building, can walk in there and not be questioned
The main server which sends off sensitive files to companies like Cable and wireless, Nynex, Seeboard, Transport for London and NTL, has a sticky note on the monitor with a list of usernames and passwords.

If that isn't poor security, I don't know what is

Did I also mention nearly every pc has free, open internet access, easily accessible USB ports which people have used to attach their USB drives to (Ipod, mp3 players etc) and enabled cd rom drives and floppy drives?
They also have no virus checking on any of the pc's either.

Amazing for a company which supposedly values customer and client data so much.

summat not right here , you have all this info and you choose to come here , if i was you i would be looking at somewhere higher up , something like ofcom (http://www.ofcom.org.uk/) , that might not be the right one though :(

Why bother though? I'll just end up losing my job if I stir up **** about it

I post here because I want people's thoughts on the situation and what they'd do about it.

If you don't believe what i'm saying, i'd be happy to take pictures lol :P

Question though, what could Ofcom do about it?

Well they and the suppliers of the information, according to the information you have supplied, are not complying with item 7 of the eight principles. This will apply to your companies data controller and the data controllers of Cable and Wireless, Nynex, Seeboard, Transport for London and NTL.

At the bottom of this lot is a link about the Public Interest Disclosure Act 1998, that will be important for you if you choose to go ahead and do something about this (which you should).

Comply with data protection legislation

The eight principles
The Data Protection Act 1998 sets out eight rules that data controllers must follow for protecting personal information - these are known as the eight principles.

Personal data must be:

Processed fairly and lawfully.
Processed only for one or more specified and lawful purpose.
Adequate, relevant and not excessive for those purposes.
Accurate and kept up-to-date - data subjects have the right to have inaccurate personal data corrected or destroyed if the personal information is inaccurate to any matter of fact.
Kept for no longer than is necessary for the purposes it is being processed.
Processed in line with the rights of individuals - this includes the right to be informed of all the information held about them, to prevent processing of their personal information for marketing purposes, and to compensation if they can prove they have been damaged by a data controller's non-compliance with the Act.
Secured against accidental loss, destruction or damage and against unauthorised or unlawful processing - this applies to you even if your business uses a third party to process personal information on your behalf. Not transferred to countries outside the European Economic Area (the EU plus Norway, Iceland and Liechtenstein) that do not have adequate protection for individual's personal information, unless a condition from Schedule four of the Act can be met.


If a data controller's processing of personal information does not comply with the principles, the Information Commissioner can take enforcement action against that data controller.

Enforcement and penalties
If your business processes personal information you need to be aware of the offences under the Data Protection Act 1998.

These include offences relating to:


notification - where a data controller has failed to notify or to make changes to their notification entry
knowingly or recklessly obtaining, disclosing, selling etc of personal information without the consent of the data controller
non-compliance with a notice issued by the Information Commissioner

Enforcement of the Act is the responsibility of the Information Commissioner who oversees and promotes compliance with the legal requirements.

If the Information Commissioner believes a data controller has not complied with one of the data protection principles he can issue an enforcement notice requiring a data controller to take certain steps or to stop processing personal information to bring the processing into compliance with the principle. The notices can be appealed against.

The Information Commissioner may also bring a criminal prosecution where he is satisfied an offence under the Act has been committed.

Failure to notify carries a maximum penalty of £5,000 plus costs in a Magistrates' court or an unlimited fine in the Crown Court.

Data subjects who suffer damage, or damage and distress, as a result of a data controller's non-compliance are entitled to apply to the Court for compensation.

Download compliance advice for small businesses from the Information Commissioner website (PDF). (http://www.informationcommissioner.gov.uk/cms/DocumentUploads/Small%20BUSINESSES%20V1.2.pdf)
http://www.informationcommissioner.gov.uk/
Information Commissioner Helpline 01625 545 745

Protection for complainants

If you wish to make make a complaint to the Information Commissioner about your employer, the Public Interest Disclosure Act 1998 may offer protection against you being penalised by your employer. For further information see our guidance on The Public Interest Disclosure Act 1998 (PIDA) (http://www.informationcommissioner.gov.uk/cms/DocumentUploads/Public%20Interest%20Disclosure%20Act%20Guidance%20 (July%202004).pdf)

That lot should set you off on the right track...

Jeez, C&W even submit papers to the EU on Data Protection.
http://europa.eu.int/comm/justice_home/fsj/privacy/docs/lawreport/paper/c-w_en.pdf

http://www.cw.com/about_us/company_profile/corporate_responsibility/overview/other_issues.html

http://www.cw.com/about_us/company_profile/directors/index.html

SeeBoard - EDF
http://www.edfenergy.com/html/showPage.do?name=edfenergy.contacts.til
Corporate Responsibility
Sustainable Development & Corporate Responsibility

Environment
Reporting
Ethics, Human Rights and Diversity
Regeneration
If you have any queries about Corporate Responsibility or would like any further information please contact: corporate.responsibility@edfenergy.com

AdamD - you could always try: http://www.amicustheunion.org/ - just to protect yourself and you collegues in the future...

Lee

Thanks for the data protection act info, i'm going to contact them and ask them about it

Pics would be good, can you get some people to pose in them too?
Perhaps the IT manager, showing his nicy shiiney PC.
:D

Hehe
Gonna look kinda strange walking around with a digi camera, but i'm sure I can do something
I know I can take pictures of the server with passwords stuck to the side, and probably the "security" door held open all day.
Thought of another security lapse which happens all the time
We work in the evenings, the "day staff" leave at 4pm, so when they all go home, there's 7 of us normal staff including 1 team leader
If the team leader is ill, or goes on holiday, no team leader or manager looks after us after 4pm, so we're left there from 4-10, 6 hours, unsupervised, heh.

i hope there is no clause saying you cant take photos on the premises :disturbd:

And at this time do you have a first aider present? - something else to think about, if they are slack with IT they will most likely be slack with that.

Nope, not to my knowledge.

Nope, not to my knowledge.


worth checking properly , you may just give them some ammo , iirc most places have some sort of policy in force to stop ppl copying confidential documents :erm:

worth checking properly , you may just give them some ammo , iirc most places have some sort of policy in force to stop ppl copying confidential documents :erm:
Protection for complainants

If you wish to make make a complaint to the Information Commissioner about your employer, the Public Interest Disclosure Act 1998 may offer protection against you being penalised by your employer. For further information see our guidance on The Public Interest Disclosure Act 1998 (PIDA) (http://www.informationcommissioner.gov.uk/cms/DocumentUploads/Public%20Interest%20Disclosure%20Act%20Guidance%20 (July%202004).pdf)