an employee added the F-word to a client form

A reader writes:

I manage an office of about 20 employees. We routinely give paperwork to clients, and somehow one of the forms was modified to include something very unprofessional. A form of the f-word was added to the first line, to read “you are scheduled for this fuken procedure.”

There is no way for me to know who made the change since at least five staff members have access to the workstation on a daily basis. The change wasn’t saved as far as I can tell, just printed, and copies were given out to an unknown number of clients. Besides implementing safeguards to ensure this doesn’t happen again, I have no idea how to address this with the staff. They obviously know not to give out documents with profanity. To be honest, I’m shocked that one of the employees would have done this–it’s so disrespectful and unscrupulous. Any advice?

Wow. This goes beyond joking around — it could actively offend clients and hurt your business (assuming people figure out that misspelling, which threw me for a minute).

I’d start by doing some serious reflection on your staff. Before this, what would you have said about each person’s work ethic, conscientiousness, professionalism, and respect for how you operate? Even if previously you thought that they were all shining examples of those characteristics, you know now that at least one person isn’t — and you have a heads-up that there’s either a serious culture misfit on your staff or the culture itself needs work.

From there, I’d talk to people as a group or one-on-one. Explain that you’re sickened (and I don’t think that’s too strong a word) to know that someone acted with such open disregard for your clients and your business, and that you take it extremely seriously. Walk them through how a client would perceive this, and what the impact could be on your organization. (Since the context was about scheduling people for a procedure, I’m thinking this might be a medical office, and if that’s the case, it’s even more outrageous, since cavalierly sticking profanity on a form that someone receiving a medical procedure will fill out is horribly unkind — not to mention something that will undermine the confidence they need to have in your office.) I’d tell people that it’s clear to you that at least one person on your staff has a fundamental misunderstanding of the expectations you have of them, and that you’re going to be working over the coming weeks to ensure that that those expectations are clearer.

And then, over the next few weeks, I’d pay a lot more attention to the people working for you. Are you seeing anything else that’s out of sync with the culture you want? If so, address it swiftly. At the same time, if you see specific behaviors that are notably in sync with the culture you want (for instance, someone being unusually kind or helpful to a client), be explicit about recognizing and reinforcing that.

But at least one person shouldn’t be there, and I bet that if you pay pretty close attention to people’s work habits in the next few weeks, you’ll figure out who that person (or people) is (or are).

{ 217 comments… read them below }

  1. Brett*

    There is also one other possibility that is even worse.

    Maybe someone other than one of your employees was able to briefly access the computer and make the change.

    Take some time to figure out if someone other than an employee could get physical access to the computer’s location (even if it is something as simple as leaning over the counter when the computer is left logged in and unattended). If it is possible, figure out how to prevent it. It still might have been an employee, but, to me, this raises the red flag that someone (employee or otherwise) can access your computer and make changes without any knowledge of who it was.

    1. Elizabeth the Ginger*

      Also check with IT to see if anyone could have remotely accessed the file. If it’s stored on a server or intranet, the person wouldn’t necessarily have had to be at the physical computer.

      I think it’s probably more likely to have been someone physically present, but I’m not an expert on hacking.

    2. A Non*

      Yes, this is something I could see a child (or someone with the maturity of a child) doing as a prank if they happened across an unlocked computer. Time to double-check who has access to the space the workstations are in, and really crack down on people leaving computers unlocked and unattended. This is also something that can lighten the feeling of you being on witch hunt, if necessary.

      I worked in an office where leaving your computer unlocked would result in a coworker sending an email from your account to the group saying how much you looooved tacos. It only took one or two times for everyone to be very diligent about not getting taco’d.

          1. Carpe Librarium*

            At our office, we call it “getting ninja’d” because the ninjas send an email to the team about how much the whole team is so amazingly awesome. Also, opening a full screen Internet browser to http://www.lockyourscreen.com

      1. Del*

        At my job, it’s inverting the monitor display that’s the most common prank. But it’s a really good way to enforce security! I catch myself locking my home computer when I stand up, that’s just how deeply the reflex has been ingrained to me.

        1. Jamie*

          And this is why you are an excellent human being. And yes, I lock my laptop when I get up to go to the bathroom in my own house, when no one is home.

          And I have to admit I’ve heard of the pranks – used to work at a place where we changed the desktop on unlocked computers to pictures of goats. Once someone changed the desktop to a very unflattering employee badge pic of the person – so they come back to see themselves as their wall paper and had NO idea how to change it back.

          I do think that stuff is funny (and I thought clippy was funny, but never used it – not professional) but I’m an old stick in the mud. If I walk by and see your computer unlocked I will lock it and immediately change your password. This way you have to come to me to reset it and we have a little talk about leaving computers unlocked.

          It happens a lot less than it used to, I’ll tell you that.

          1. De Minimis*

            The big issue at my former employer was not locking your laptop with a security cable…IT would occasionally do sweeps and confiscate any laptop that was unsecured.

          2. Jessa*

            Also, seriously any computer should have an automatic lock after a certain amount of time. It doesn’t have to go to something complicated but it should require a password. I mean it only takes a couple of seconds to log in.

          3. Liz*

            One of my colleagues learned his lesson when the others changed his keyboard layout to Dvorak, and then helpfully locked it. In 5 years he hasn’t left it unlocked since!

      2. Anonylicious*

        My officemate keeps leaving his computer unlocked, and one of these days I’m going to break down, take a screenshot of his desktop, set that as the wallpaper, then hide all his icons and let chaos ensue.

        1. A Non*

          Just warn your IT person first so they don’t waste time on it. And so they can play along. :-)

        2. ConstructionHR*

          :-D)) I’ve known about that one for a while, but never had the opportunity to do it.

      3. AndersonDarling*

        I left my computer unlocked and a director sent an email to my boss saying how much I love working for him and he is the “best-est.”

      4. stellanor*

        On my SO’s team, if you left your computer unlocked you sent an email to the team declaring that you were a pretty pretty princess. Sparkletext was involved. Unfortunately they got scolded by IT security and had to stop.

        On my team, if you leave your computer unlocked someone changes your background to cartoon characters.

        1. Kerry*

          Unfortunately they got scolded by IT security

          This seems backwards, I don’t feel *they’re* the ones who should have been scolded by IT security!

      5. Kcliff*

        Haha! This reminds me of my old college newspaper, if you left your email open an email would be sent to all staff extolling how great everyone else was.

        In the Chicago comedy community people update Facebook statuses to say the person is moving to Denver for some reason.

        1. Maple Teacup*

          At my Old Work, people would sometimes leave their Facebook open on the staff room computer. I then made posts about how “they” were renouncing their favourite sports team and becoming a dedicated fan of their teams most hated rival. In a company of sports fans, leaving your Facebook page open stopped pretty quickly. It was acceptable at Old Work to prank like this because 1) it was a harmless alteration 2) we were all on good terms with each other. If an employee inserted “Fuken” into a client document, that’s ghastly.

        2. FiveNine*

          Okay this one made me laugh out loud. And so many muppets to choose from for each particular guilty employee.

      6. S.*

        In our office, an unlocked computer will result in an email being sent to the whole team announcing that the offender will be bringing in a cake. And they have to follow through. ;)

      7. EG*

        I work in an office which requires that we lock out computers if we step away, due to PII data. The managers are nice enough to lock the computer for an employee if it’s left unlocked…after either sending an email to the department offering to buy everyone lunch, or using ctrl + alt + arrow key to change the screen’s orientation (usually upside down). The employees laugh but they remember to lock their computer the next time.

    3. T*

      My first thought was that a kid did this (possibly the child of an employee), especially with the misspelled swear word. If that’s the case, it would still point to the importance of locking the computer when its not in use.

      Another possibility is that an employee was taking out frustration by typing that and didn’t save it, but also didn’t realize that someone was going to print from the messed-up version.

      1. Vicki*

        It’s almost scary how many workplaces have a Tradition for how to handle an unlocked computer.

        Which means people still don’t “get it”.

  2. Celeste*

    If you have no tracking of changes on these forms, there isn’t any way to tell how long it’s been going on. I almost wonder if it was an April Fool’s prank.

    I would keep an eye on everybody, even if only 5 people have access to the workstation. It sounds like something a person would do to vent that they aren’t happy there and somehow make a day more tolerable. I’d be interested to know who might feel that way strongly enough to take a risk with your business.

    This begs for an update when you figure it out, and I’m sure you will. I think somebody knows, because what are the odds that the perpetrator wouldn’t want to tell someone else?

  3. Jake*

    Are we sure it was a staff member? I’ve seen many stations where the computer is open to clients if a staff member takes a break and forgets to lock the machine.

    I could see a kid walking by, making the change, and people inadvertently printing off a bunch.

    I don’t think this is likely, but it is possible in some offices I’ve seen. However it is far more likely that an idiot works for the op.

  4. Adam*

    I’m a bit dense this morning. Was the offending word a misspelling or thrown in there when no word was meant to be in that spot?

    1. WorkingAsDesigned*

      I wondered the same thing about it possibly being a misspelling. I occasionally send something to print and don’t realize that just before hitting the print button in the program, I’ve bumped another key and added an extra letter (or two).

      With that being said, if it’s a brand-new word that was added to the form – yikes.

      1. Apostrophina*

        I also wondered if it could be a typo/error. In the early days of OCR scanning, you sometimes saw really weird stuff when text had been scanned.

        Heck, I got a book for Christmas that is very good as a book, but every single number 1 had been turned by scanning into a capital I. It drove me crazy! If even paid editors can’t catch this stuff anymore…

      2. Adam*

        I thought it was misspelled first, but then I sat there wracking my brain to try and figure out what word it was supposed to be originally.

        I came up with nothing.

        1. AnotherAlison*

          Okay, so I googled it. . .thinking maybe G would say did you “Did you mean the Furken Procedure?” It did not, but it brought up several profane complaints people were making about their fuken medical procedures, some spelled that way, some spelled the usual way.

          I kind of wonder if some client was a real asshole to the clerk and in a fit of anger/lapse of judgement, the clerk printed a form just for the jerk client, but it ended up going beyond there. (Not that it would be an acceptable excuse, but I just don’t really think it’s *that* funny, and it’s kind of pathetic if they’re trying to cause trouble. I can think of worse things to try if you really want to stir things up.)

          1. Adam*

            I could see it happening. It’s funny in an evening sitcom sort of way. But it’d be a sitcom that airs on Monday night during football season.

      3. Kate M*

        I think the fact that it wasn’t saved into the document, just printed out a bunch of times, indicates that it wasn’t just a mistake. They put it in there long enough to print the forms, and then went back and deleted it, and then saved the correct version (without the added word) to the computer.

      4. Kelly L.*

        I’ve accidentally pasted something non-work-related into a work paper before (I was online and had copied a link, then forgot it was on the clipboard and thought something for the work file was the more recent thing there). Thankfully, I caught it before the file went anywhere. So there’s an outside, outside, outside possibility someone was typing “fuken” into, say, a personal email and got it into the work file by accident…

        …but I don’t actually think so, because what are the odds that it would appear in a place where it would make grammatical sense? It’d be just as likely to say “You have been approved fuken for this procedure” or something.

    2. thenoiseinspace*

      Don’t feel dense – until I read Alison’s reply, I honestly thought the LW meant that the document now had the actual f-word in it (“a form of the f-word” meaning “f-ing” or something) and had just changed it to “fuken” so that Alison could publish the letter without profanity.

      1. Knight Andrews*

        Same here! I thought it was a euphemism to keep the OP’s letter clean and postable.

  5. Sunflower*

    My first guess is to say this was some kind of inter-office joke gone wrong where employees didn’t mean for the forms to get distributed to anyone. However, I’d think if that was the case, they would have put the f word into more than just one spot

    1. Helen*

      Yes, I would bet that this was a joke that was not meant to be distributed. Now, I see it as a lack of common sense to type something inappropriate into a form that would usually go in front of customers, even as a joke, because of the risk of human error. But if the OP cam confirm that is what happened, at least they will know no one on staff had bad intentions, just a lack of common sense.

  6. fposte*

    Uch. I feel for the employees who know they *didn’t* do it but also know that that won’t necessarily be believed. That’s the collateral damage of something like this–it really hurts the person’s colleagues, too.

  7. Poysidia*

    If you meet with all the employees and feel that nobody really might have done it, keep in mind custodial staff. Also take into account children of employees; is anyone bringing their kids into the office? Bored kids with access to computers might end up with this result. (Admittedly, it’s the employee’s fault for not supervising a child around the computers, but this is far more excusable than an employee writing the f-word on a document.)

    Good luck with the sleuthing, and please do follow up with Alison when you uncover what was going on.

  8. lachevious*

    What about checking the print job history on the printer itself? You may be able to track out what time that document was printed, thus narrowing the timeframe to check the computer logs to see who was on it.

    Another option might be to check the metadata in the document itself – I realize it wasn’t saved but maybe a good IT person could find something.

      1. Poysidia*

        We had a member of custodial staff at one of my old jobs who was connected to the boss’s son, and who was pranking the office (he had a sense of humor that was slightly off color.) We couldn’t figure out who was doing the pranks for awhile.

        He didn’t end up getting fired because the pranks were not very serious but it came to mind.

      2. thenoiseinspace*

        I agree that it probably wasn’t the custodial staff – but OP, is it possible it could have been a disgruntled former employee whose account wasn’t fully terminated or who knew another way into the system (like a coworker’s password?) There’s no mention of a former employee in the letter, but that kind of thing isn’t unheard of.

        1. Jamie*

          If that was the case whomever is in charge of locking separating employes out of the system need to be fired immediately. Especially if it’s a medical facility, as we’re assuming.

          I’ve never worked in a place where your access wasn’t locked down while you were still in the meeting being let go. Terminations need to be coordinated with IT for this reason – you want to make sure people at their most disgruntled and emotional can’t get in and do something they can’t undo. People often aren’t thinking clearly when they’ve been fired and might not think that have anything to lose, so it’s a kindness to them as well.

          It’s a good point though – not every place operates by best practices and even those that do sometimes things slip through the cracks. It’s an inherent problem of anything involving humans.

          For a medical facility (assuming that’s what this is) that would be audited on a regular basis I can’t imagine them not having a pretty high level logging system for their remote users. Even just a run of the mill company can tell you who was remoting in and when. So pulling those logs is definitely a great place to start, to rule in or out.

          1. De Minimis*

            When people were fired at my old employer they still had computer access up to when they left the building, because they had to fill out their final timecard online. They had HR with them at all times and had to turn in their laptop to them.

            I was fired there and that’s how it went for me, but some of that may be because we agreed to keep me on the payroll for about a week after I actually left, so I had to fill out a timesheet for that period. Don’t know if that was standard practice.

          2. HM in Atlanta*

            About 10 years ago I would get calls from a former employer where 2 execs (also owners) wanted to share their screens with me so I could fix their ____________. They kept my access and passwords the same the whole time so I could log in remotely and help them. Fortunately, I had no interest in anything other than helping them. It only stopped once I had to start traveling a lot for my current employer. Who knows, they may still have my credentials active.

  9. OriginalYup*

    I would be so livid in your position. LIVID. In addition to breathing fire out my nose, other things I’d be doing in your shoes:

    Asking IT to see whether there’s any audit trail or history that can help narrow down when the document was last accessed or modified (even though it wasn’t saved).

    Instituting IT controls on the workstation and documents. Passwords to log in/out, documents saved as PDFs so edits can’t be made on the fly, etc..

    Holding an emergency inventory and audit of any other patient-facing forms: trashing all currently printed copies, re-printing one copy of each, having a two-person team proofread and sign off on it. Doing this as a group exercise will emphasize to the jokester how very serious this is. The innocent parties are probably horrified this happened, and the audit can serve to help reassure them that nothing else has been messed with.

    1. AMG*

      this is a really good idea. Every form should be double and triple checked by multiple pairs of eyes to ensure there are no other ‘jokes’.

    2. Liz in a Library*

      This is really smart. Even if this was done as a joke, there is no guarantee that this form was the only one that was edited.

    3. Jamie*

      Such an excellent point! Yes, immediate ad hoc internal audit of everything related.

      I cannot imagine how angry I would be.

      The only thing I’d do differently is I wouldn’t trash the bad ones. I’d quarantine them and save them for the termination meeting/UI hearing.

      1. Anna*

        The problem with this is it becomes an issue of (as was suggested) if there are multiple people in on the prank, what’s to prevent someone from just double checking with one of the other people? And the other side of that, who’s watching the watchmen? If you’re printing out a document that doesn’t usually have any edits or just one or two minor edits, having someone audit it is time consuming and essentially a waste of resources. I’ve worked in a place that audited stuff. A person looked at every file. Stuff still got through and all it did was make everyone irritable. The IT protocols are probably a better and less pointless use of time. Also, is there any record that a form was sent anywhere? Example, a note in a file? A note in a database? Otherwise how do you know it was sent in the first place? So if you make a note of it, can’t you backtrack from there?

        1. Elsajeni*

          I think OriginalYup’s suggestion was meant as more of a one-time audit than a new ongoing procedure — “Let’s make absolutely sure that none of our other files have been ‘humorously’ modified before we save them in a more difficult-to-modify format and start printing and using them again,” sort of thing.

        2. Jamie*

          I was referring to an audit of document control. Yes, imo if one altered form went out to clients you have an auditor, or pair, or team – depending on the amount of documents – proof each one to make sure none of the other electronic documents are tainted.

          No auditor can catch everything when you’re talking about auditing records. Then you are doing a control sample which will expand if you find irregularities. But for master controlled documents – and forms going to patients should certainly be controlled – you can check every line in every one. It may take time, but that’s what an ad hoc audit is for. Called outside of a normal scheduled audit because of a problem already detected.

          I disagree that it’s a waste of resources, although it can be time consuming. If it were me I’d:
          1. put auditors on it to check all master copies (electronic in this case)
          2. pitch the printed ones after doing a controlled sample of each.
          3. have them audit every single record created from this form going back to before the problem. (forms like these are documents when blank, but records once they have been filled out.)

          This gives peace of mind that all master copies and client records are untainted.

          It’s too bad that you felt auditing was a waste of time, but it’s not. It will never catch everything adequate sampling can show whether or not procedures are being followed and if there are patterns of non-compliance. And people getting irritable at a common business practice would be a problem for me. I mean people can feel however they like, I don’t police that, but if it resulted in a work place issue where my auditors felt any kind of resistance that would be a major problem.

          1. Anna*

            I should be specific. A sample audit that happens every so often is one thing. The waste of time is doing it for every. File. Created. Or. Altered. So, where I used to work might receive and handle 500 files in a week going through process #1 and 300 files moved on to process #2 and 250 files in process #3. Each one of those files was audited. Every time it was passed through to a new stage. Every. Time.

  10. Prickly Pear*

    Wow. I thought my habit of doodling (just boxes, I swear!) was bad. I agree that it was probably a prank gone bad, but then at best there’s someone at their office with a wildly inappropriate sense of humor and careless. I’d be so tempted to pull a ‘principal’s office’ and have everyone write their version of events down. I used to be able to lie straightfaced if I was talking, but committing same to paper was another story.

  11. Katie the Fed*

    Something very similar happened where I work, but the word got added to a paper that was disseminated quite widely.

    Probably a better question for Jamie or an IT person, but can’t you enlist some computer forensics type of assistance on this to track down who did this? This is serious enough that I would want to be able to reassure your clients that you’re investigating and the party responsible will be disciplined. And then you fire the asshole who did this.

    I assume you’ve notified clients that you caught the mistake and apologize sincerely for it, and it won’t happen again?

    1. A Non*

      Yes, you could hire a forensic specialist to try to track this down. It would be very expensive, and given the amount of time that has passed they might not be able to find it. Even under ideal circumstances, computer forensics can only prove who was logged in at the time the change was made. It can’t prove whose fingers were on the keyboard. So you’d be right back to the ‘I didn’t do that, it was a kid / another coworker / someone trying to frame me’. The CSI approach is probably not appropriate in this case.

      1. A Non*

        (Should have specified in my post above – I’m an IT person. I haven’t done forensics, but it’s a field I’m interested in.)

      2. H. Vane*

        Well, if they are leaving open a computer that has access to medical records, which sounds like it’s the case, and someone is able to use their login to mess around while they’re not there, that may be cause for firing in and of itself. I’m no expert in medical privacy laws, but I do know they’re pretty strict. Locking your computer when you step away is pretty standard procedure in that kind of environment.

        1. Anonsie*

          Being logged in on a computer shouldn’t be enough to reach medical records anyway, though. You’ll typically have to log in again to open them, depending on the system, specifically so that an open workstation can’t dive into protected information like that. With ours they also time out and close after a pretty short period of inactivity. So depending on your layout (as in, whether the workstation is somewhere you could reasonably expect no non-staff folks could get to it) and the software you’re using, it may or may not be a lapse in security to leave your computer unlocked.

          1. De Minimis*

            With ours the various folders in the shared drive are restricted to where only authorized employees can access them. They aren’t password protected, but only certain employee logins will be allowed access.

            1. Anonsie*

              That too– ours you have to log in, and that only works if you have a role where it’s necessary to be able to get in there. So not just any employee login will do.

        2. De Minimis*

          It goes beyond firing, criminal penalties can actually come into play if people are accessing medical records for non-work related reasons. The laws have become more strict in recent years–in the past I believe you had to misuse the information, but now you can at least in theory face criminal prosecution just for accessing the records if you have no business-related need to do so.

  12. Jamie*

    My gut feeling is if this was an accident, meaning someone did it to amuse a coworker and didn’t mean for it to be released into the wild they’d have printed one copy. And spelled it correctly.

    As you say it wasn’t saved this way I’m assuming they made the change, printed a bunch, and put them in the pile to be used? Can you go through patient records and determine the cut off from when the forms were correct to when this started. That will narrow down the time frame.

    Or it was saved with a different name – I’m assuming you’ve searched the computer (and all shared drives) for key words in the document itself to see if the bad copy is there? Searching for the added word will be easiest, I doubt it appears in too many documents. If you find it you will be able to see the date/time it was created.

    I’ve been to a lot medical practices and have never seen one set up where non-employees could access the computer casually. Not saying there aren’t some, but every one I’ve been to and that’s been probably hundreds, I’ve never seen this.

    And if a medical facility doesn’t have your computers set to lock after being idle in case someone walks away without locking it, I would be shocked. I’d think that would be IT 101 – but then so would saving form in an uneditable version. Well, anything is forge-able if you want to badly enough – but not easily editable is what I mean.

    Five people at least is a small subset. Among those five you have to have a feeling for who would be completely incapable of this and who just might have. I’m not saying accuse without evidence, but know where to start your search.

    1. A Non*

      Even when computers are set to lock themselves after being idle, it’s usually after 10-15 minutes of inactivity. That’s more than enough time for someone to add a bad word to a document. The automatic lock is meant as a backup for people who forget to lock their machine, not as a substitute for hitting windows+L every time you stand up.

      (Source: I am an IT person who has implemented exactly this policy.)

      1. Jamie*

        I wasn’t implying it was a substitute for locking one’s machine.

        But in this case I would assume very few non-employees would have this plan in their pocket just waiting for an employee to walk away, jump on the computer, pull up the file and insert the word (spelled wrong) and back in their seat pretending to be nonchalant. Because set for 5 minutes that gives them a small window of the person walking away before it locks. Not perfect, but I’d assume it would take people more than 5 minutes to get bored enough to consider messing with it and then work up the courage to do it.

        1. A Non*

          I didn’t think you were implying that – I was just drawing attention to it, as it’s a distinction that people often miss. Tech policies are far from a cure-all for security concerns!

          1. Jamie*

            Tech policies are far from a cure-all for security concerns!

            That needs to be stitched on a sampler. Quoted for truth.

              1. JessB*

                I’m imagining “Policies apply to YOU!” with the Uncle Sam figure looming above it, pointing straight at the reader.

                That would be awesome.

      2. KAZ2Y5*

        I wish I had that much time! I work at a hospital and IT set all our computers for a lock-out after 3-5 minutes (not sure of the exact time).

    2. Anonsie*

      “Can you go through patient records and determine the cut off from when the forms were correct to when this started. That will narrow down the time frame.”

      This exactly.

      I don’t know the scope of this practice or what their IT support is like, either, but ours is pretty outstanding in how meticulously they keep things backed up and how much activity is tracked. If this happened to me, I’d see if they had any ideas as well.

  13. Tiff*

    I think the comments are good here regarding the possibility of a non-staff person doing it, and personally I would start there. Then I’d look into some IT best practices – a computer for every staff person may not be practical but I’d make sure that everyone is signing in and identifying themselves on the computer.

    1. fposte*

      I think you can’t rule out somebody else doing it at the start, but I also would avoid making that the go-to–maintenance gets blamed for a lot that turns out to be internal, in my experience.

      1. AnotherAlison*

        Although. . .when my husband was a maintenance mechanic at a plant, those guys were all terrible pranksters and probably were responsible for whatever mischief went on (gluing things shut, hiding tools, etc.). It was mostly internal within their department, but I can see one of them pranking someone who they were buddies with in another department. Some of them deserve their bad rap.

      2. Anonsie*

        I think she means not on the staff at all, as in a client/patient did it, not the maintenance crew.

        But you’re right, people love to blame the office cleaning/maintenance staff whenever something goes awry, like they’re cartoon villains or something. There’s some weird inherent distrust a lot of people have for those jobs, I have no idea where it comes from.

    2. Jamie*

      A couple things off the top of my head:

      No shared logins ever. They don’t need their own computers, but they need to log in as themselves. That’s their electronic footprint. Shared logins are an abomination. I don’t set them up and if people are caught allowing others to use their log in that’s one of the fastest way to serious trouble from me. Do not lie to my network.

      Save forms in their final state as .pdfs. I would put money that this was saved in Word without access tracking. Save in a PDF and you can still edit them when needed, with Acrobat which is too expensive to put on everyone’s machine. Someone who will change a word in Word because they can might not go to the time and effort to track down .pdf editing software.

      Put client facing forms and other procedurally regulated documents in a protected folder with logging enabled. Turning on auditing for a whole network is usually a waste of resources, because it slows everything down to write an entry to the audit trail every time someone opens, changes, or closes their own spreadsheets or work material. But you can protect certain folders and set them with security permissions. It doesn’t limit legitimate access, just notes who was accessing.

      I am not coming down on the OP at all, it happened and I can’t even tell from the letter if she’s even the one responsible for protecting the files…but she said they will be tightening the security on this which is a good thing. Just because one horse got out doesn’t mean you still don’t lock the barn door before the others take off.

      1. Cube Ninja*

        Honestly though, it’s amazing how easy it is to prevent a lot of these issues with templates simply by checking the “Read Only” box in Properties (assuming Windows). That will stop most average users from screwing it up.

        Then again, you also have to turn around and make sure everyone understands what “Save As…” does. :)

        1. Lore*

          Or you can password-protect a file in such a way that it allows tracked changes only. So if anyone does make a change, it will be flagged in a bright color, and in theory will identify the user. (I say in theory because that only works if users have their ID set in Office.)

        2. KimmieSue*

          Agree – I was going to mention the same thing. If you must use an MS program – you can make read only and password protect the document.

      2. class factotum*

        no shared logins

        Even I, a non-IT person, was shocked to the point of my jaw dropping when I learned that the Waukesha County Clerk, Kathy Nickolaus, had her three clerks share a login. She ran the ELECTIONS!

        There has been so much drama with her – and yet the town of Waukesha has just hired her as its clerk.

  14. Jeff A.*

    Maybe I’m a cynical Northeasterner, but I’m a little surprised that the initial comments seem to lean towards a non-employee (a child of an employee? a custodian?!?!)

    To me, this screams bad employee. As in, someone who maybe started as being bored, then actively disengaged, and now actively toxic. People do this all. the. time.

    Also, if this is what turns out to have happened, the OP should be quick to reexamine how s/he manages the staff: thinking everything is hunky-dory only to find that you were harboring an employee who would do this is a pretty bad sign.

    1. Celeste*

      Agree completely that only an insider would CARE enough to make it happen.

      Also think back on anything different happening lately, something like a feud or a policy change. There may be a root.

    2. LBK*

      Agreed completely. I actually think seeing outside parties as more likely culprits is *more* cynical – you think your custodial staff really hates you so much they’d do something like this? Just bizarre.

    3. Poysidia*

      Considering that this is sounds like it is a medical office, something has to have gone horribly awry. There could be one of two things happening, which is why there’s either a huge problem with their IT (allowing either everyone to access the computer, which is why it’s possible a child, custodian, or guest could have accessed the computer). If the computers are actually properly locked down, then the problem is worse; then the office is not doing their due dilligence when screening/hiring employees and telling them what happens to the office legally when not properly protecting medical info (huge lawsuits, etc.)

      Either way, this isn’t just a mess up by the staff, it’s a mess up *by the management* and it leaves them liable to huge damages. Every client who received that paper is likely to leave. Some may be pondering legal action and be worried that their privacy has been compromised.

      The OP has not given details of the IT set up, so we do not know who has access.

    4. lachevious*

      I agree – it really seems like an employee – the whole scenario is pretty far-fetched. I can’t imagine the motivation behind a custodian or a client tampering with documents, especially in plain sight. The risk outweighs the reward for them.

      However, an employee trying to get away with something would certainly have the time to do something like this – and the mispelling could very well have been their way of trying to plant the seed in the manager’s mind that maybe it was the janitor or some kid/client.

      The fact that so many people here are looking for anyone else to blame but the employees is rather odd, to me.

      The butler did it, obviously.

    5. Betsy*

      I also think there’s a faintly ugly implication to that line of thinking: that the custodial staff is less professional and committed to their work than the office employees, which my experience doesn’t support, but which I think is a common perception of blue-collar vs white-collar workers.

      1. lachevious*

        Yup, that’s how I feel about it, too. Some of the best people I have known have had to get their hands dirty for a living, job titles have nothing to do with ethics.

  15. TotesMaGoats*

    Just this morning I got an email from a coworker saying “I didn’t pick up my shirt and…”. Only she forgot the r in shirt. I got a great laugh out of it. I know that was done accidentally and she probably didn’t realize it.

    In this case, I’d go with what Allison said. I’d also be on the look out for a change in behavior. Is a normally really outgoing and participatory staff member being suddenly quiet? Has someone who loves the spotlight actively stepped away from it?

    1. anon*

      I’ve replied with “got it!” and had it autocorrect to “go tit!” (WHY is this is the autocorrect?) Embarrassing.

        1. AnotherAlison*

          Sometimes I come back and see stuff I wrote on here and I’m just like, “What the hell?!” Do I even speak English? I’m usually doing 3 other work things at the same time, but still. . .verb tenses, duplicate words, typos, spelling errors. . .it’s embarrassing. Just hope my work docs that I’m multitasking on are not as bad.

      1. Forrest Rhodes*

        As a college senior, I was part-time office help for a couple of engineering profs. One day Prof X raced up to my desk with a 30-page document that he needed for his graduate seminar, which started in less than an hour. The office scanner was out of commission, the document had to be keyed in, and the prof knew I was a lightning typist and an accurate one.

        With the deadline looming and the prof pacing behind my chair, I typed the pages (carefully), ran Spellcheck, and printed the required number of copies; then did a Pony Express-type handoff to the prof as he sprinted for class.

        When I turned back to the computer to close the file, something on the screen caught my eye. As mentioned, I was a reasonably fast typist (100+ wpm) but was using an older keyboard, and everywhere I’d typed “does not,” the keyboard apparently hiccuped and it became “doe snot.” And Spellcheck, in its infinite wisdom, thought, “Well, ‘doe’ is a word, and ‘snot’ is a word—fine with me!”

        There was nothing I could do for the class at that point, but when I apologized to Prof X later, he laughed and said, “Yeah, the students noticed it. But this is one time I’m absolutely sure that everyone read every single word of the class handout—they were making book on how many ‘doe snots’ they’d find!”

        It became a running joke: every time I’d hand Prof X a completed document, he’d confirm, “And it’s doe snot-free?”

        Still makes me laugh—but it’s also why I make sure never ever ever to trust Spellcheck alone.

          1. Forrest Rhodes*

            Thanks for the responses, Lily and Lady; glad you enjoyed that incident too. And I’m eternally grateful that typing class was an eighth-grade requirement—that skill got me into a whole bunch of jobs that were really fun, from the music biz in the ’60s to law, medicine, early computer stuff, newspaper publication, and more. I do my best to convince younger family members that they’ll benefit from from learning to do this one simple thing, but am not sure I’ve sold them—yet. Efforts continue.

    2. MJ (Aotearoa/New Zealand)*

      I haven’t yet *sent* an email that ends with “Kind retards”, but I’ve certainly typed it out many times and thankfully noticed before I hit send!

      1. EE*

        I have exactly the same last-minute-save pattern with e-mails addressed to anyone called Chris. Or, as my subconscious likes to call him, Christ.

        1. anonintheuk*

          Or a colleague who sent an email out to the rest of the firm ending ‘All the beast wishes’. Lots of jokes about what the beast wishes – peace and quiet? human flesh? an ice cream sundae?

      2. Cath in Canada*

        I have a friend who works in public health who accidentally typed “men who have sex with me” instead of “men who have sex with men” in a report about STDs, and still hasn’t lived it down

  16. Eden*

    I used to work in exactly this environment, and I’d bet this office has no “IT” department at all to ask, and certainly no budget to investigate.

    We tried to institute sign-in and -out of computers, but the reality is, in a medical office, that’s not foolproof. I wouldn’t decide anyone was the perpetrator based on who was signed in at the time. In fact, I think I’d be more inclined to rule them out, because this seems more like a “you left your FB open” hack to me.

    I’d take Alison’s advice one step further, and ask how you’d feel if not just a client, but someone in your family went to a clinic for a procedure and saw that form. Clients/patients as a general construct can be a source of annoyance and may have prompted the insertion.

      1. OP here.*

        Yes and yes! We use separate logins/passwords for medical records and management, and no sensitive information is stored on the computers themselves. Having a shared login for the computer itself isn’t always a huge priority in the face of so many others.

        Until it becomes an issue, like now, of course.

  17. some1*

    Why are we assuming this is a medical office? The LW used the term “clients”, not patients. A “procedure” doesn’t necessarily mean a medical procedure.

    1. Eden*

      I’m assuming it because I can’t imagine a scenario of being scheduled for a procedure that isn’t medical but would still require you to fill out forms. It might be a facial, but why would I be filling something out?

      So my reason is failure of imagination!

      1. Jamie*

        And my gyn office refers to us as clients. So does the place where we go to get CAT scans and MRIs – it’s not in the hospital, they only do those types of things and you’re referred by your doctor. Why can’t I think of the name?

        Anyway they refer to us as clients. And when I took a family member to get a colonoscopy they were a client as well. And that is no pedicure, that’s for sure.

        Imo it’s silly. If I’m being asked to take off my pants and pay you for the privilege I’m a patient, not a client – but if it makes even one person less nervous than I’m all for it. I don’t care.

      2. short'n'stout*

        Maybe a beauty therapy procedure? I had IPL depilation the other week and was asked to sign a consent form.

        Or possibly health screens for gym clients?

    2. Poysidia*

      “Clients” is often used to refer to patients, as it’s more professional. Business clients don’t often have “procedures.”

      Sounds a lot like a medical office.

      1. JessB*

        I’ve worked in libraries where they refer to ‘clients’. It used to be ‘borrowers’, which I liked as a kid (pretending I was a teeny person, like in the books, The Borrowers).

        I’ve seen ‘clients’ in lots of places, but this does seem like a medical office to me.

  18. Eden*

    Also, if the office is anything like the one I worked in, the five with regular access should definitely not be the only suspects. This smacks to me of a moment of opportunity seized by someone disgruntled and immature.

    I highly doubt this is outside work. Where the computers are in medical offices is generally not where the clientele is allowed. And the notion of custodial staff doing this is funny to me, not least because we had to clean our own office, there were no cleaning people. Regardless, I cannot imagine any cleaning staff being present to witness and change an open document.

    1. AnotherAlison*

      Re: custodial staff. I would think more like the electricians, hvac, building maintenance, or printer repair guy, not the custodians. Not that I really think they are the likely suspects, but I can envision a scenario. . .

      1. Poysidia*

        It actually happened in an office i worked for! Custodial staff member knew boss’s son, thought it would be funny to pull series of pranks. We had no idea who was doing it for the longest time. Everyone was accusing each other.

        You don’t know who knows each other. People go to school with each other and end up in different fields. Sometimes they get bored, see a screen with a typed up document, lean over and type the F word.

        Of course, it could be a regular staff member too, but they have a LOT more to lose. But hopefully that comes out in the Inquisition that will now have to be held because proper IT best practices were clearly not instituted in this office in the first place.

    2. Eden*

      Nor, actually, can I imagine custodial or other staff having the slightest motive to do this.

  19. Joey*

    I’d deal with this differently and probably a little more harshly. Anonymous offenses are tough, but the first step should be to try to find out who did it. I would do the following:
    1. Schedule a meeting with the narrowed down group
    2. Tell everyone what you discovered and how dispicable it is.
    3. Tell them that this compromised the very foundation of your business -integrity and patient trust and that you won’t tolerate it
    4. Tell your staff you expect that they conduct themselves with integrity and that anyone who knows anything about this is expected to come forward in private.
    5. Schedule meetings with each of them individually to ask what they know and if they handled the forms why they didn’t notice.

    1. Ask a Manager* Post author

      My thinking on going with a somewhat broader approach was that she has a bigger issue on her hands than this one incident — someone there is remarkably out of sync with her culture, or her culture isn’t what she needs it to be … and so I think she’s got to tackle that broader landscape too.

      1. Joey*

        I’m not so sure its a misunderstanding as a lack of judgement or a deliberate act by a toxic employee. I just don’t think anyone can be so incompetent to misunderstand that this isn’t acceptable ever.

        1. Ask a Manager* Post author

          Absolutely. I don’t mean in any way that this would be a misunderstanding; it’s absolutely a deliberate and toxic act. But the fact that this could happen raises larger issues about what’s going on there, and so I think she needs to pay attention to that too. If she just fires this person and then goes back to business as usual, she misses an opportunity to figure out if there’s a bigger culture problem that she needs to tackle too. (To be clear, the person should be fired. I just want her to make sure that there aren’t other things happening that are out of sync with the culture she wants too.)

          1. Jamie*

            I agree with this, because besides the boarder scope, which is so important, I’d personally find anyone who knew these were going out and didn’t say anything to be equally culpable.

            This is such that anyone who had knowledge of this had a professional obligation to bring it to the attention of management and make sure the forms weren’t going out.

          2. Poysidia*

            At the heart of it, this is a mess up by the management, and the OP needs to understand that. This isn’t a mess up by the staff, as unprofessional as it was. IT best practices should not have allowed this to happen. All logins should be traced back to an individual computer/user.

            If practices remain in place that allow this to continue to happen, the business will be so vulnerable to lawsuits. A client’s privacy must be watertight. Every client who saw that document is likely to leave, and will most likely take their business with them, may complain to the BBB or worse, may file a lawsuit if they feel extremely upset. Damage control won’t extend to just finding the culprit, but how to address going forward, and that includes addressing IT issues and HIPPA violations, stat.

            1. Ask a Manager* Post author

              Eh, I don’t know that we can conclude that from what’s here. If multiple people have access to that particular form, any of them could have printed this. It’s not saved anywhere, so logins wouldn’t matter in that case.

            2. Jamie*

              This isn’t a mess up by the staff, as unprofessional as it was

              Of course it is. I agree that they should have had safeguards in place and others dropped the ball on securing this stuff – but that doesn’t mean the perpetrator isn’t guilty.

              If I don’t lock my house and I get burgled, shame on me for not locking my house. But that doesn’t mean the burglars are off the hook – everyone is still responsible for their own actions.

              You didn’t do enough to stop me from sabotaging work forms won’t hold up anywhere.

            3. A Non*

              > IT best practices should not have allowed this to happen.

              Eh, not necessarily. Locking down form letters so that the people who send them out can’t make changes to them is overkill in most environments. Security has to be a balance between risk and inconvenience.

            4. Joey*

              I’m not sure you realize that many small business cannot monetarily justify an IT person, staff, or best practices.

              1. Jamie*

                Assuming this is a medical facility that reasoning doesn’t work.

                If you can’t afford proper IT support to properly secure a system which holds medical records then you can’t afford to be in business.

                That doesn’t mean it has to be in house. Plenty of smaller places wouldn’t have enough work to justify an f/t onsite IT. But there are plenty of contractors who handle this kind of thing.

                If you can’t afford to tip you have no business eating out, if you can’t afford insurance you have no business driving your car, and if you can’t afford to make sure your network is protected you have no business handling anyone’s personal or medical information.

          3. Joey*

            See I tend to think this is a deal with it and move on type issue. I think it just deserves a gut check, a signal that its not tolerated and some inner reflection. Unless there are other signs of culture issues I really don’t see the need to stretch it out and subject the innocent to a rehash of culture expectations. Different strokes probably.

            1. Ask a Manager* Post author

              I’m not calling for a prolonged rehash with staff either; I’m talking about things the OP should be doing — reflecting, observing, and stepping in if she finds more issues.

              1. Joey*

                Ah, it sounded like you meant making sure staff understood expectations over the coming weeks. That makes more sense.

        2. AnotherAlison*

          Based on something really stupid my darn-near-17 year old son did at home last week (and the abudance of YouTube videos) I can easily see how a *young* employee could be that incompetent. I mean incompetent, not just that they don’t care if they get in trouble. Those immature little brains don’t seem to get when a joke is carried too far, and they see it as “just a joke” not a reprehensible act. I think the mgmt response is the same either way, though.

          1. Joey*

            I’d probably chalk that up to lack of judgement unless upon reflection he didn’t see anything wrong with it. Although at that point Id be wondering how in the hell I hired someone so incompetent.

          2. Zahra*

            Heck, I have colleagues that are in their mid-to-late twenties who had to have a come-to-Jesus talk with HR because their behavior was inappropriate for a professional environment.

        3. JH*

          Really? That seems a little much. How about just send out an email saying nobody do this again and the next person who does it is fired and leave it at that. I think it may not have been deliberate. Have you ever been working on a document and typed a swear word because you were frustrated and then deleted it? I certainly have. Maybe that’s what happened and the person who did it forgot to delete it by accident.

    2. Anon 1*

      Yeah…I agree with AAM that there are probably long term issues that need to be addressed. But I also agree that I would meet with each person individually to see what they know about the situation. Personally, I feel that if you don’t try to determine who did it in the short run it will send the message that employees can get away with this type of behavior in the future.

  20. Barbara in Swampeast*

    I am having trouble believing that the OP can’t track their own correspondence. Who filled out the form? Who gave/mailed it to the recipient? There must be some procedures in place for how work is done in your office and who is responsible for what. If there isn’t, this would be a good time to start.

    1. LBK*

      The person who handed it out isn’t necessarily the person who edited it, though. It sounds like a widely distributed client form that multiple people use, probably grabbed from a general location where the blank ones are kept. I think it would be pretty hard to track down without having edit tracking on the document itself.

      1. Jamie*

        Absolutely. I have hundreds of pages of procedures I’ve written over the years. If someone got clever and decided to add “Jamie eats worms” to the footer of a document I could easily issue it to someone without noticing.

        Or even in the body. I wrote them, I know my procedures, I’m meticulous about revision dates and keeping only one live version at a time. If you added the above sentence to a clause I wouldn’t know – until one of my auditors brought it to me probably doubled over with laughter.

        I’d notice eventually because we internally audit document control, but not immediately.

        1. OriginalEmma*

          Can you institute log-ins for whenever someone opens a Word document, or maximizes it from its minimized position? It would become real old, real quick but it seems like just the solution for this kind of nonsense.

          1. Jamie*

            The problem with that is the same as it is with most thing – the balance between security and business process/cost.

            Sure I can lock down the network where everything was protected, logs created for every time anyone touches an electronic file..the cost would be a slow down of the servers to a degree where engineering would be severely affected (those SolidWorks files are no small joke when it comes to resource usage) that deadlines would need to be changed and we’d have very unhappy customers.

            Risk vs benefit – it’s not worth it. So we try to keep things as secure as possible while not unnecessarily impeding people’s ability to work effectively and quickly.

            Just like I could lock down the internet so they could only get out to approved sites and those had to be white listed by me. And I could have all their emails go through me as well to be released. This would greatly lessen the chance a virus would sneak through the window between release and my security updates – but at what cost? The time delays and people unable to even listen to internet radio – that would make for an unpleasant work environment.

            I have users who are really good at not getting into online shenanigans – so I’d rather deal with a virus issue once every year or two than tie everyone’s hands the rest of the time. And those who get in trouble inadvertently, I lock down their machine to protect them from themselves and not punish everyone because someone keeps thinking spam are legitimate emails and clicking the links.

            I have security measures in place that protect us while still letting people have the freedom to do their jobs. It’s a fine line, and sometimes the line is moved, but it’s what most of us in IT are trying to do.

            We’re not draconian because we give a crap about your personal browsing habits, we are trying to protect the company network (and do our jobs) while truly trying to minimize the inconvenience to end users. So it does kind of grate sometimes when people toss off on liners about how IT are all control freaks.

            1. Anlyn*

              Interesting that you mention locking down the Internet; our company is going to be blocking social media sites…Facebook, Twitter, even LinkedIn…because of the threat of viruses. Yet they’re keeping YouTube.

              It’s definitely going to impact work morale; it’s a large company, so the ban may not last. Especially if the higher-ups complain.

              1. Windchime*

                Facebook and Youtube are definitely locked at my place of work. There is no business reason whatsoever that people need to use those sites here. There are a couple of computers in the lunchroom which have access, but nobody can access them from their workstations and that’s completely appropriate for this place of work. We also can’t stream internet radio because when it was allowed, there were enough people doing it that legitimate network traffice was severely affected.

                1. Jamie*

                  Absolutely – I used to have radio blocked when it slowed things down, but with switching to cable for data I have more than we need and it’s not an issue.

                  Non-work stuff will always get killed in the interest of work – but if you can let people do it and it’s relatively safe and there is no compromise to the speed and no additional costs? Why not?

                2. De Minimis*

                  All social media is blocked at my work, as well as any streaming media.

                  In theory, AAM should be blocked at least to where I should not be able to read the comment section, but I guess whatever software this site uses flies under the radar. Disqus and any type of message board software are filtered out.

        2. LBK*

          Exactly – I have about 20 email templates and form letters I use daily. If someone somehow got onto my computer and edited profanity into them, there’s almost no chance I would catch it. The whole point of a form letter/template is that I don’t have to write/read it every time.

    2. Anonsie*

      To answer all questions: The five staff mentioned, I’m guessing. It’s not really unusual for there to be several people that print out/complete/send the same things, and having it all route through one person is not really an option in plenty of scenarios.

      Especially if this is a medical practice– you have a stack of forms that everyone grabs copies from, or a shared file you can all print copies from as needed. You do this as needed for your own patients.

  21. anon-2*

    Yeah one time a long long long LOOONGGGG time ago I was in an office and in the days of carbon paper, a customer opened a computer generated envelope with an impressed form inside and it had the F-Bomb on it.

    No one knew who did it – and it was certainly not intentional — but — we learned, because everyone knew HOW it could happen. Have to admit, it was disastrously bad but funny at the same time.

    Yes – shared logins are an absolutely, categorically, positively verboten in this day and age.

  22. littlemoose*

    Okay, I know WTF Wednesday is not a thing, but I kind of love that this letter ran today.
    Also, I agree that this sounds like an enployee’s joke that accidentally went beyond the staff. That, of course, does not excuse the seriousness of the offense. Good luck to the OP on figuring out the culprit, and I hope we get an update on this one in the future.

  23. Jeff A.*

    Perhaps I’m being defensive because so many of my friends and family hold blue collar jobs, but the suggestion that the OP should consider custodial staff, electricians, HVAC repairmen, building maintenance workers, and the like is just such a huge stretch it smacks of elitism and inaccurate stereotypes.

    It seems pretty clear that the most reasonable culprit is a disgruntled (motive) employee with knowledge of the office and easy access to the materials (means).

    Of course, (nearly) anything is possible; but if I were the manager, I wouldn’t risk assuming it wasn’t one of my staff.

    1. OriginalEmma*

      +100000. It’s a scapegoat for doing the hard work of figuring out who, in your staff, is the culprit. And unlike office staff, who aren’t judged (typically) by the number of tasks they do, blue-collar workers have a schedule to keep and tasks to finish so they 99% aren’t likely to be messing about on a computer when the next light bulb needs to be changed or the next suite vacuumed.

      1. LBK*

        Wouldn’t it actually be more work to determine if someone external did this and get them disciplined, since the manager has no oversight outside of their own company? It’s easier to do the work internally because you have the authority to sit each person on the team down and then reprimand them if it was them. I don’t get this argument.

    2. lachevious*

      I agree, Jeff. It’s disapointing to see how quick everyone jumped on blaming the blue collar workers.

      It really seems like the work of this manager’s staff. They have the time, motive, access, and knowledge of the forms. They also have a better chance of not getting fired immediately over this – I am sure they all have each other’s backs if it was a group effort.

      In all of my office jobs the custodial staff were extremely discrete and trustworthy, I have yet to meet a blue collar worker that didn’t need their job – having been one myself I guess I am rather biased, too.

        1. lachevious*

          White collar worker, now, too – and I’d also be screwed if I got fired today.

          My point was that the blue collar workers probably have less job security than the office staff, they might be written up or put on a PIP wheras the maintenence person would probably just be fired on the spot. Hence, the maintence worker has higher risk (less motivation) to do something like this as compared to the employee.

          But, the simplest explanation is usually the correct one, and the simpler explanation is that a member of the staff did this – not some third-party.

          1. LBK*

            Ah, okay, that makes more sense – I thought you were saying that white collar workers may be more cavalier with standards because they’re less likely to need the job. But it sounds like you’re actually saying punishment is typically more severe and termination is more common in blue collar work, so it’s usually not worth the risk to cross the line since you’re unlikely to get a second chance.

          2. Anonsie*

            I was going to say this myself– the job security issue is a pretty big reason to not cause any trouble, I can say from experience there. When you have a job like that you know full well that the first problem there will be your last problem, there will be no talks with your manager and warnings and writeups.

            That’s not a set rule or anything, but it’s much more likely to be true of your custodial staff than it is of your office or clinic staff.

    3. Anna*

      Yeah, exactly. Someone else said it’s the kind of “prank” that would be done by someone who would care, and the people that come in to do some work and then leave aren’t those people. But I get what you’re saying. No right thinking white collar employee could possibly do that! Except we visit this blog and we know they can and they do!

      1. Anna*

        This above comment was supposed to be a reply to Jamie’s comment but it posted under this one. Do not know why.

    4. Diet Coke Addict*

      Yep. What custodian, handyman, elevator-repair-guy is going to take the time to find a single document and add “fuken” for a juvenile prank? When a bored office employee, frustrated with a belligerent client and/or irritating coworkers and/or feedback from the boss, is a much more likely choice?

      Horses, not zebras. Come on.

    5. the_scientist*

      I agree with this. It’s an extremely classist suggestion, and as someone so astutely pointed out above, it doesn’t make all that much sense. Occam’s razor, and the overall context, suggests a disgruntled employee who cares enough to do serious damage.

    6. AnotherAlison*

      TBH, I’m one of the ones who said that. My husband is an electrician. My dad’s a truck driver. I hardly consider myself an elitist, and I don’t consider it a stereotype because it’s behavior I’ve observed on the job by my husband and his coworkers. (I met him at work a very, very long time ago.) They played pranks all the time. They wouldn’t do anything malicious, like change a form to get someone else in trouble, but I can see where it would go wrong, thinking your friend would catch it and think it’s funny, before sending it on to clients.

      FWIW, I’ve also seen prankster behavior in my current coworkers — VPs and directors of business development. But, in this case, the culprit is going to be someone with access to that area of the office. If someone had a medical sales rep buddy who was always hanging out a bit too much at the office, I’d put them on the suspect list, too. (I do keep the 5 immediate employees at tthe top, though.)

    7. LBK*

      While I agree that the possibility of someone other than the employees doing this is low, I don’t think people are necessarily saying to consider custodial staff etc. as suspects due to elitism. Rather, if the OP sits down with each person and it doesn’t seem likely that any of them could’ve done it, there are possible explanations. It may not have anything to do with culture mismatch or incongruent expectations.

      Again, I think it’s unlikely unless these people are a-holes to their custodians and one of them wanted revenge, but it’s not completely out of the realm of possibility, and offering that explanation doesn’t mean someone looks down on blue collar workers.

      1. LBK*

        Also – for the most part, the comments that mention non-staff workers refer to them as secondary potential suspects after the staff has been investigated. I only caught one that puts non-staff as more likely to be the culprit than someone internal. The righteousness train has a tendency to go into overdrive on this site so let’s be careful before we conflate one person’s opinion with the entire comment section.

        1. Jeff A.*

          Definitely agree with the “righteousness train” assessment. And not trying to hijack the thread and turn the discussion into a class war. I was just surprised by the number of people who chimed in to say, “Hey, don’t overlook the printer repair guy who was here last week – definitely could’ve been him!”

          There are people without integrity in all professions. But it doesn’t help the OP to have a bunch of people saying look at X, Y, and Z instead of focusing on the 5 employees who have direct access whose proximity immediately makes them the most likely party.

      2. MaggieMae*

        How would they get the password for the terminal after hours?

        [OP – please tell me this terminal is pwd protected!]

    8. Betsy*

      I replied to an above comment to say this before I read yours, but wanted to chime in down here, too: totally agree.

      There’s this ugly implication that blue-collar workers are less professional or don’t care about their work, which in my experience is not true (I’m not suggesting the reverse is true, either, just that I’ve met real professionals and unprofessional people in both lines).

    9. Anonsie*

      +1

      I wouldn’t assume it *couldn’t* be any of those people either, but I wouldn’t start there.

  24. Jamie*

    Something else for the OP to think about – was this on a shared drive, or on the local computer itself?

    Because if it was shared drive accessed by other offices or branches – outside of your five – they could easily have printed it up without seeing it. If you print the same form 1000x you don’t read every word – you look to make sure you have the right one, hit print, and stack them up.

    If this was stored outside of the local computer you need to widen your net to anyone with access to the drive.

    1. De Minimis*

      We had an issue with that at my work…not pranks or anything, but someone at another site accidentally deleted some key files on a shared drive and I think we had no real way to back it up [a department had to just recreate from scratch.]

      Major weakness in our system…I think we do have some type of backup now, but apparently there’s a time limit of about a week before anything missing cannot be retrieved.

      1. Judy*

        Our director wrote a “bot” to cruise our shared drive, we had a directory structure that required us to name files x and put them y. He would get reports when things were “not done, because they were not where they should be.” One of my co-workers always seemed to have a mouse problem. Entire project folders would disappear. Usually to be found within other folders. We had a suspect. And you know what… when he left for another company, we stopped having the issue with missing files turning up under other directories.

        1. Jamie*

          The fat fingered drag and drop culprit. Every company has one – and they are always the ones who forget to check the adjacent files to see if they moved it before calling IT in a panic.

          1. De Minimis*

            We at least have made it to where the satellite location can only access its own purchasing files, so if it happens again it won’t affect anyone else.

            Just my opinion, but I think this is a consequence of a new policy implemented by higher-ups, trying to get each department more involved in the purchasing/receiving process. The more people given access to things, the higher likelihood of something like this happening.

            1. Jamie*

              I am a big believer in limited access to what people need, both in shared stuff and within an ERP. It limits the number of people making errors in a particular area – and it simplifies things for everyone concerned.

        2. MaggieMae*

          I had someone delete an entire tree on our shared drive. I almost killed him until I called IT and they were able to reset the server to the day before.

          Seriously – thank gawd for IT.

  25. Cube Ninja*

    So, of the five staff who regularly access that workstation, which of them have difficulty with spelling in other correspondence?

    Honestly, if you’re going to drop an F bomb, do it properly.

    1. De Minimis*

      I know it isn’t really funny, but I’m amused by the idea that the person might actually think they spelled it right.

    2. Loose Seal*

      I thought they did it this way so it wouldn’t be so immediately eye-catching, thus allowing it to be distributed to more people.

      1. short'n'stout*

        If the spell check thingie that underlines words in red was active, this word should have stood out like a beacon. Which makes it harder for someone to credibly claim that they printed it out without noticing. Not impossible – I can think of several plausible reasons why they might not notice – but still harder.

        1. Laura*

          If it was done deliberately, a quick right-click and adding that word to the dictionary would take care of that.

          Or, if it was done deliberately and this is a form that they normally keep lots of blank copies of around, the person who did it may have printed them off and added them to the stack. After that, close the document and no one would be the wiser.

          The letter does say “The change wasn’t saved as far as I can tell, just printed….”

          1. short'n'stout*

            All of which supports the idea that the word was included deliberately. So any claims of it happening by accident become less and less credible.

  26. Eden*

    Agreed.

    I’d be interested to hear whether the OP has a ‘gut’ feeling any specific staff member. Since this strikes me as so immature (how could you be an adult and not be horrified by this?), I’m guessing this person doesn’t take great pains to cover his or her general anger/disgruntlement issues. Does Occam’s razor suggest a culprit?

    1. OhNo*

      The immaturity of this act really stuck out to me too – I’m glad I’m not the only one. I would also be very interested to hear from the OP how this one ends up working out.

      As you say, Eden, it seems like the kind of person who is immature enough to do this would also be equally immature in other areas of the office. Of course it’s entirely possible that it was actually the most professional employee in the office who was just having a bad day, but that seems unlikely.

  27. Zombie Bait*

    I’m going to comment from the perspective that this event was perpetrated by an employee with poor judgement operating in an unprofessional culture. What if. Could it have been a juvinile prank (without malicious intent somehow) that went wrong? Does the office have a lot of joking around? Are there low standards for professional conduct? Choices are not made in a vaccume. Either the person is a jerk and knows what they did was wrong. Or the person is utterly clueless and misguided by employment culture norms. In the second case, the theoretical employee is able to be rehabilitated and changes to the company culture need to happen.

    1. MaggieMae*

      My first thought was that it was a joke. Since we don’t know from the OP’s letter whether a client actually received it (hello, I would hate to receive THAT phone call), perhaps it was just created from the template and printed for a colleague as a joke – and then the idiot forgot to change it back to the blank template before saving again. I think we need more info. |-:

      1. Zombie Bait*

        I could see this as an inner office joke gone wrong. Particularly in an environment where swearing and pranks are an accepted. If that is the workplace environment, and the OP doesn’t want that type of workplace (understandable), then a culture shift needs to happen. I sure hope clients didn’t get that Fuken message!

  28. Lily in NYC*

    When I worked at USNews & World Report, one of our December issues had a small holiday gift guide – someone at the printing press changed the 800 number in the magazine that you could call to order one of the items. Instead of the company, callers were sent to a sex-chat line. We figured it out because our top editor wanted to buy the item for his wife and almost plotzed when he called the number.

  29. Mimmy*

    This had to have been meant as an in-office prank during some downtime, but perhaps was inadvertently printed before anyone realized the word wasn’t deleted. Doesn’t make it right of course. Unless there is a pattern of unprofessional behavior, I’m not sure it’s worth undertaking a whole sleuthing exercise, as seems to be a common suggestion in the comments. However, I do think a meeting with the staff is in order with a stern discussion as to how this cannot happen again and whatever safeguards you plan to implement.

  30. KC*

    It’s also possible that the edit to the document was a mistake. I’ve had documents open and an IM conversation going simultaneously, where something I intended for the IM window ended up in the document while I was switching from one to the other. Granted, that doesn’t excuse bad proof-reading skills (you’d ideally catch something like that before printing/distributing), but it might not have been intentional on anyone’s part.

      1. Kelly L.*

        Yeah, I thought of something like that too, but yeah, what are the chances the grammar would work out and the accidental word would end up somewhere it made sense? Instead of, I don’t know, Dear Mr. Smfukenith…

        1. The Maple Teacup*

          What are the chances? Not much in my opinion. However, when an employer is considering eliminating the livelihood of another person, they’d better be 100% it wasn’t an IM conversation substitution mix up.

  31. Not So NewReader*

    Of the five or so employees with access, does any of them have a cohort that reeeally despises them?
    Who reported it to you, or did you find it yourself? The context of how you found out might add some light on the subject to start the thinking process.

    Sometimes I have been able to figure out things by saying to myself “If I had done this, how would I go about it?” Then I move on to thinking about what others might have thought of to do.

    Think about the busy times and the slow times of the day. Or you may need to unpredictably stagger your start/finish times or your break times to see what is going on when you are not in the immediate area.

    Can you come up with a low-ball estimate of how many were printed? Is this a clue, some how? Printers have average rates that they print at. If you have a substantial number for the low estimate you might be able to estimate how long it took to print out all the copies.
    Just an off the wall example: Let’s say you figure out that barest minimum 400 copies were printed. (Stick with me- I am going to make up numbers that may not be realistic.) Suppose the printer does 40 copies per minute. That means the printer was running for ten consecutive minutes.
    I would notice that. Is it possible that someone noticed that? I might even notice if someone was hovering over the printer for that same time frame. (Right, does not mean this is the guilty person. It does start to add more information, though.)

    It will be interesting to hear what you find out about this. I hope you dismiss the guilty one. Trust is broken here.

  32. MaggieMae*

    If it were me, and it has been before, I would check

    1) the system used to enter the addresses – whether it’s a mail merge, a CMS, etc. There is usually a saved copy of the mail merge somewhere – or the system will leave a note in the client profile noting that a particular letter went out.

    2) talk to your group as a whole, explaining in a way that fosters their buy-in to get to the bottom of this and correct whatever notion that neither MESSY or MESSED UP are allowed in your practice

    3) implement sign ons for your terminal and work with IT to come up with a better solution for client follow up/reminder emails. You need to get system in place and this is one of those horror stories that reminds all managers reading this blog that this can very easily happen to them

    4) just to add what I do with my staff when they leave their computers unlocked: there is a keyboard shortcut that will switch their monitor to side view and you can only do it past the windows log in. So when the staff comes back and sees their view sideways – they know that you know. And it’s a punishment into itself because it is incredibly difficult to Google the fix when you’re viewing (and mouse-ing) sideways. And then you can follow it up at their next 1X1 that they need to be more diligent. Even leaving to use the restroom or refill their water bottle – no exceptions.

    Send in an update. Good luck!

  33. Trundles*

    Ugh, this is just awful and I hope you’re able to figure out who did it.

    For folks mentioning the spelling, it’s a really common spelling on 4chan (man, how old is that) and less savory areas of Reddit, I’ve seen Fuken and Fukken more times than I can count and I don’t even visit those sites! But friends who do use that internet slang, or at least did 6 years ago.

  34. anon-2*

    One of the things here that is overlooked –

    While everyone seems to be running around trying to figure out HOW or WHO did the F-bomb in the client form —

    The IMPORTANT thing is to make sure it doesn’t happen again. Whodunit really isn’t the issue now, finding a head to roll isn’t, and probably isn’t the way to go — you don’t want to bag the wrong person, or draw up a list of suspects, lest you come across as Captain Queeg (Caine Mutiny).

    As we did with the carbon form (see my other post) – use it as a learning experience – with EVERYONE involved – and that will probably help toward ensuring it won’t happen again.

    1. anon-2*

      I might add – lay down the law = if it happens AGAIN – and the perp is caught – a head WILL roll…. but this time, a pass is granted, use it as a learning (and warning) experience.

      The only way you’re going to accomplish a successful “whodunit” at this phase of the game is if the responsible person steps forward and delivers a confession. DON’T TRY TO EXTORT ONE. As I said, you’ll make more trouble for yourself with an “investigation”. It will come off like a witch hunt now.

      But if you expect a confession now, you’re naive. Stuff like that only happens in the movies. In all likelihood , it’s not going to happen again.

  35. OP here.*

    After finding out about this I immediately printed all new forms and confiscated the old ones, and went through the saved documents word by word. Lo and behold, there were several more documents with similar profane additions, so while this one bad word referenced in my first question to Alison wasn’t saved, the others led me pretty clearly to the culprit, based on time punches and staff schedules. I didn’t find hard copies of any of the others that were actually saved in the office.

    The employee was let go immediately, after being confronted and confessing that she did it as a joke and she didn’t think it would actually be given out (flimsy, it was printed and mixed in with others that were not edited that she knew were being handed out). I think there is another employee that knew about it and didn’t say anything that I’m watching more closely. Afterwards, I talked with all of the employees, following Alison’s advice, and impressed upon them how horrified I was to find this. We had a good talk about professionalism, trust, and reputation, and of course everyone knows/agreed this was not okay.

    And lastly, I got the increase in my IT budget that I’d been requesting for a while.

Comments are closed.