Frettens Solicitors: Employment law update January 2018
What happens if a rogue employee breaches the Data Protection rules?
Can an employer be indirectly liable for the criminal actions of a rogue employee in breach of the Data Protection Act?
Employee with a grudge breaches data rules
A High Court case, Various Claimants v Wm Morrisons Supermarkets plc, has upheld that, yes, the company can be held liable.
In early 2014, the personal details of almost 100,000 Morrisons employees were deliberately published on the internet and sent to three newspapers. The culprit, a senior IT Manager, had harboured a grudge against his employer following disciplinary action the year before.
Over 5,500 employees brought claims for breach of statutory duty in relation to the Data Protection Act (DPA), the misuse of private information and breach of confidence.
For vicarious liability, the issue was whether the employee’s actions had been in the course of their employment. That means whether their wrongful conduct was closely connected to their authorised duties.
The IT Manager had been entrusted with the data, and received it and copied it as part of his role.
The court held that the actual breach was the later publication, and this was part of a seamless and continuing sequence of events. There was sufficient connection with his employment and the wrongful conduct.
Aiming to cause loss to the employer
However, the court granted Morrisons the right to appeal.
Kate Fretten, Partner in Frettens’ Employment Team, says that “This was on the basis that the employee’s aim had been to cause loss to his employer, and this decision could render the Court a witting accessory to his criminal actions. We will update you on the outcome of the appeal, but employers should be aware that the onus is on you, the employer, to put the procedures and systems in place to keep data safe and. Therefore, if any employee intentionally breaches them, it can be shown that they deliberately breached the your rules as opposed to your protection policies not being tight enough.”
Privacy at work: Surveillance cameras
Employers have the right to monitor activities in many situations at work, including:
recording on CCTV cameras & videoing outside the workplace
opening mail or e-mail & use of automated software to check e-mail
checking phone logs or recording of phone calls
checking logs of websites visited
getting information from credit reference agencies.
Data protection law doesn’t prevent monitoring in the workplace. However, it does set down rules about the circumstances and the way in which monitoring should be carried out.
Ideally, an employer should have a code of conduct or policy that covers workplace monitoring. If a code or policy has been agreed, it will usually form part of your contract of employment.
A right to privacy?
However, does video surveillance in a workplace infringe on any individual’s right to privacy? This was raised in a recent case, Antovic and Mirkovic v Montenegro, where video surveillance was installed in lecture halls at a Montenegro University and a lecturer felt that this infringed his right to privacy.
The Personal Data Protection Agency ordered the removal of the cameras. There was no evidence that safety had been an issue and therefore no legitimate grounds for data collection.
Private life encompasses business activities
By four votes to three the European Court ruled that although the University is a public sphere, private life encompasses business and professional activities. Article 8 had been breached.
Paul Burton, Head of Frettens’ Employment Team, says “If a member of staff thinks that you, as their employer, have been monitoring them in a way which is not allowed, you might need to seek expert advice. The best course of action is to talk to the employee about the monitoring, why it is in place and what happens with footage/data. You should check that your contracts of employment and staff handbook are up to date and correct for the surveillance that you have in place, just in case a member of staff raises this as an issue or takes out a grievance. We are happy to help if you need advice on what should be included in your policies or guidance on what can be allowed.”
Perceived Disability Discrimination
If a non-disabled job applicant is rejected because of a perception or anticipation that a condition could become a disability in future, is this direct disability discrimination?
Disability discrimination by perception
In an Employment Appeal Tribunal case, Chief Constable of Norfolk v Coffey, it was upheld that disability discrimination by perception is still direct discrimination.
The Claimant was a serving police officer in Wiltshire Police who applied for a transfer to the Norfolk force. She had a degree of hearing loss, which would usually have disqualified her from recruitment when she joined the Wiltshire force, but she was accepted after a function test.
Norfolk Police rejected her transfer request because her hearing was just below the acceptable standard, without a function test, based on concerns that she might end up on restricted duties should her hearing deteriorate.
The tribunal found that this decision was direct discrimination based on a perception that the Claimant would be disabled in the future. The hypothetical comparator would be a candidate whose condition was not perceived as likely to deteriorate so as to require restricted duties.
Kate Fretten, Partner in Frettens’ Employment Team, explains “The Employment Appeal Tribunal noted that there would be a gap in the protection offered by equality law if an employer, wrongly perceiving that an employee’s impairment might progress to the point where it affected their work substantially, could dismiss them in advance to avoid any duty to make allowances or adjustments.”