Your union recently exposed a serious breach of data protection by London Underground, whereby historic, and some current, information relating to case conferences, disciplinaries, sickness records, etc., for all station groups and train depots across the combine may have been accessible to a significantly greater number of individuals than those who legitimately needed to access it, via a shared “ESISHARE” drive accessible to CSS and CSM-grade staff logged into OneLondon.

We believe LU may have breached its statutory obligations under the terms of the Data Protection Act by not properly restricting access to this information, and have written to both London Underground and the Information Commissioner’s Office to this effect.

LU replied to say that they were aware of the issue and have taken steps to correct it. This does seem to have been done, but we do not consider the matter closed. We demand of LU that they fully investigate the scale of this breach, announce it, and their response on the LU Intranet, and write to all affected individuals.

RMT believes that this serious breach of confidentiality is a in part a consequence of Fit for the Future, and the massive expansion of the “managerial” layer on stations.

From your London Underground RMT Station Functional Council