Bsrgvty

You need to talk to your manager about this immediately.

You absolutely should not have done this. This person is no longer an employee at your organization is not entitled to any company information. It doesn't matter that they may have helped create the documents and probably know the content anyway, sharing it with them essentially makes it a public release. Now, it may be that your manager says it's fine and would have told you to send it on, but you should absolutely not do this without written approval.

No, don't share internal company information with non-members of the firm except in the course of normal business.

Previous employees do not have a legitimate interest in non-public company information (unless they are doing business with the firm). It doesn't matter how sensitive the information seems or if it is marked confidential - unless you have permission to share the information, keep it private.

You should alert your manager or a trusted leader in the company. Previous employees asking for information may signal a larger issue. At the very least, make an individual in a management position aware of the data leak.

No. It was a mistake. The deputy manager no longer works there, so he doesn't get to ask for any company documents. There is no reason to do this I can think of other than to somehow compete with your business.

The correct action would have been to forward his request to your current manager, and forget about it.

Now, mistakes happen, and the fact you're asking about this is good - it means your "did I do something wrong here" radar is still working. Ethics-wise, you should tell your manager what happened immediately and apologise. But you have to balance the risk of getting fired versus protecting the business, which is a decision only you can make.

edit Incorporating some comments:

As someone who works in cybersecurity, one of the things we push for is people to have greater awareness of their actions and of those around them, including self-reporting incidents. If the security team / company is any good, they'll give a minor slap on the wrist saying "don't do that again," and deal with it appropriately. The company finding out after the fact, however, could and should lead to firings.

Tyzoid

Obviously you did the wrong thing, and the only question is whether you should own up to your mistake, or lie low and hope nothing bad happens.

The other answers tend to lean towards owning up, but I have to wonder: what planet are they on? On planet Earth, the obvious and only course of action is to say nothing. If you are found out, you can always plead ignorance; and if you are not found out, well then owning up would have been stupid, wouldn't it?

PS If you think this a question of ethics, ask yourself this: who stands to benefit if you own up? Nobody. Who stands to lose out if you own up? You. It's a no-brainer, if you ask me.

Any company I've worked in, your action would be reason to terminate your employment and take legal action against you for breach of confidentiality agreements, non-disclosure agreements, and document security regulations.

NEVER share information with people outside the company unless you are authorised to do so, and then only with people who are authorised to receive said information.

For example sending an updated installation manual to a customer for the product you're building for him is usually (but not always, there may be rules about who's allowed to communicate at all with customers) ok, sending a design document for something to a random person outside the company, often even the customer for who you are designing that thing, hardly ever is.

Without going into your actions, its obvious you know you have messed up.

So, I would simply weigh up your options.

And you have 2 really:

1. Own up, with a risk of getting sacked.


2. Keep quiet with a risk of getting found out, and sacked

Personally I think there is more at risk with option 1.

I have in the past kept several spreadsheets I worked on from previous workplaces, just so I can re-use functionality in the future.

Whatever you choose to do cease contact with your former manager.

It sounds like you don't know why they wanted it. Some of the other answers assume their motivation was shady, which may be an appropriate assumption, or it may not be. If they were really trying to do something shady, would they have asked you at all?

You should probably ask them why they wanted it, and ask them to keep the document confidential. Best to have such conversation by phone or in person. Their reaction will hopefully give you a better idea of what's at stake in the situation, if anything.

To answer the question as asked: you should not have forwarded any company document to a former employer, without approval.

Since you have done it, you now need to mitigate the effects: report the error in an appropriate manner.

There are few circumstances in which an employee will be sacked if they admit to a mistake. In fact, even if the consequences are severe, most employers/managers want staff to feel safe about reporting honest mistakes that affect them. A prompt report allows them to mitigate effects - in your case, determine why a former employee requested the document. So you may get a talking-to, or even face some disciplinary action for a data breach (depending on how sensitive the document is, how well employees in your company are briefed about security concerns before starting a project, etc), but that is unlikely to be escalated to dismissal unless you build up a history of making the same sort of mistake repeatedly - you are expected to learn from mistakes, not keep repeating the same ones.

The consequences will certainly be more severe - and more likely to include dismissal - if you don't admit to the problem, and your employer discovers it by other means - for example, during a data or security audit or if a manager is given a copy of the document by a competitor.