In its ruling of April 17, 2022 (Case No.: 9 Sa 250/21), the Saxony Regional Labor Court decided that a violation of a work instruction with data protection content can justify a termination for conduct-related reasons.
The plaintiff employee had been working for the defendant company as a loan officer for approximately six years - most recently on a part-time basis with 30 hours per week. She earned approximately EUR 3,500 gross per month. There is a works council at the defendant employer. In addition, there is a work instruction with the following title: "Procedure for Information Security at the Workplace and Clean Desk Policy". This policy states, among other things:
"Care must be taken to ensure that information worthy of protection or secret information - whether in paper form or on the screen - cannot be viewed by third parties. When the workplace is left or unattended: files, data carriers or hardware containing information worthy of protection are to be properly locked away or properly disposed of. (...)"
The plaintiff had already violated this directive several times. She had already received several warnings for this. In November 2020, the defendant company changed the place of business where the plaintiff had last worked. As the plaintiff was unfit for work at that time, she allowed the employer to empty her desk in the presence of a works council member. In the process, the company discovered that numerous sensitive documents were lying unlocked in desk drawers.
After hearing the works council, the company issued an ordinary termination for behavioral reasons. The employee defended herself against this (with the support of a lawyer) by bringing an action before the labor court. The labor court upheld the action for protection against dismissal.
On appeal by the defendant company, the Regional Labor Court amended the judgment and dismissed the action for protection against dismissal.
In the opinion of the Saxon Regional Labor Court, the termination was justified for reasons of conduct (see Section 1 (2) KSchG). Due to the warnings, a negative prognosis was to be assumed. In addition, the weighing of interests was to the detriment of the plaintiff.
Together with the warned incidents, these were considerable breaches of duty on the part of the employee. The defendant was not obliged to issue a further warning. In the opinion of the court, the breach of duty clearly consisted in the failure to implement the work instruction from the policy. The plaintiff employee had kept sensitive documents unlocked in her desk despite the explicit instruction arising from it.
The court also emphasized that these duties were not merely secondary obligations. The performance of work within the framework of the lawfully exercised right of direction - which also includes work instructions on data protection - is the main obligation.
The decision once again makes it clear that data protection requirements should be taken seriously by both parties to the employment relationship. If the employer is threatened with substantial fines for violations, it can cost employees their jobs. But works councils should not take data protection lightly either. In the worst case, they could also be personally liable(read more here).