Hi Reddit,

I need some advice regarding a privacy concern with my former employer. Here’s the situation:

I have already changed passwords and added 2FA. I know I am at fault for a lot of this but please help me on how I should proceed rather than tell me how stupid I am😂

Also, this company has no written policy about using personal social media on work devices - and also the site closes at 6pm and some of the logins were at 10pm at night

After transitioning to a new office, I returned my old work phone (a Galaxy A54) to the company. Before doing so, I made sure to log out of all my personal accounts. However, I've recently received notifications indicating that my Facebook Messenger account was accessed after work hours. Additionally, Gmail data requests show activity, and my WhatsApp was active in April, despite my departure from the company in February.

This unexpected activity has been quite distressing. I was hesitant to bring this up as I didn't want to cause any unnecessary disruptions. I also refrained from discussing this with any former colleagues to avoid assumptions.

I did learn through word of mouth that my phone wasn't given to the person who replaced me, which is against the usual procedure. This adds to my concerns about how my personal information was handled.

I know I shouldn't have had my personal accounts on the work phone. However, it feels like leaving keys in a car: yes, it's not ideal, but it doesn't make it acceptable for someone to steal the car. Similarly, my mistake doesn't justify unauthorized access to my accounts.

My personal accounts contain sensitive information, including medical records, making this matter even more serious. I’ve gathered some evidence and have reported it to HR, requesting an investigation into the potential breach of privacy. I’ve also asked for details on how they plan to prevent similar incidents in the future and to be informed of the investigation’s findings.

I live in Ireland, where the laws tend to favor the employee more than in some other countries, like the USA. For example, Ireland has strict data protection laws under the General Data Protection Regulation (GDPR), which requires employers to safeguard personal data and imposes significant penalties for breaches. Additionally, Irish labor laws generally provide stronger protections for workers' rights and privacy compared to US laws.

Do I have a case here? What steps should I take to ensure my personal information is secure and that appropriate actions are taken if there was indeed a breach?

Thanks for any advice you can offer