Data protection in the workplace: careless mistakes can lead to termination

• Employer Policies be sure to note
• Unlocked files made the difference
• Minor injuries work duties lead to termination

The employer does not have to accept minor negligence on the part of employees if they occur more frequently and concern the sensitive area of ​​data protection. A policy for a tidy work environment and screen locks (Clean Desk Policy) employees must take them seriously and observe them, like this State Labor Court (LAG) Saxony stated.

Be sure to follow the employer’s guidelines

Of the Employer has a policy on information security in the workplace enacted, which a loan officer ignored several times. Specifically, it was about Lock desk compartments with sensitive files, do not leave documents open at the workplace or properly log out of the IT systems.

the “Clean Desk Policy” provided the following: “It must be ensured that sensitive or secret information – whether in paper form or on the screen – cannot be viewed by third parties.” If the workplace is left or unsupervised, the employer requires specific behavior:

• Files, data carriers or hardware with information that are worth protecting locked away or disposed of properly.
• Besides, it has to Implement always locked be, so at least the screen saver be active.
• Printouts with confidential content and Data carriers must not lie around in the openthey belong in a drawer or a cupboard.

Unlocked files were decisive

But these three requirements are not enough. The employer had four more points:

• key for mobile containers or cupboards with confidential content must not remain at the workplace or on the locks.
• passwords must not be kept visible (as a sticky note on the monitor or in an easily guessable place such as under the desk pad, in the unlocked desk drawer or under the keyboard or mouse pad).
• IT systems are at the end of the day log out and shut down.
• Tilted or open window are to be closed at the end of the working day.

The loan officer ignores the instruction (right of direction) and received after several warnings the termination. The final reason for the dismissal was that the employer discovered during a move that the employee had not properly locked her desk drawers with sensitive customer data.

There was one for the ninth Senate of the LAG Breach of duty through non-compliance with the work instructions “Clean Desk Policy” is undisputed. Contrary to the instructions, the clerk kept documents with sensitive data unlocked in her desk at a time when she herself was not in the office.

Minor violations of work duties will result in dismissal

The employee defended herself against the dismissal with an employment tribunal. This was evaluated differently than the previous instance LAG Saxony the termination but as proportionate. The employee violated the main obligations of her employment contract. Considering the previous ones warnings according to the court, this is the case as a whole to significant breaches of duty.

The employer was not obliged to first issue a further warning. In addition, a warning could be proportionate even in the case of a first-time and only slight breach of duty. According to the court, the careless mistakes and negligence of the employees are to be regarded as endangering the existence of the company.

Even minor injuries contractual obligations can be warned and lead to dismissal if they continue to be disregarded, according to the findings of the LAG Sachsen (Judgment of April 7th, 2022, Az.: 9 Sa 250/21). The court found the dismissal to be fair and lawful.

Conclusion

The company’s information security policy must be observed, violating it can cost you the job. Caution is required, especially when it comes to data protection issues.