
(Do not) Press the Button!

When a user deletes a file on a Windows PC, a delete confirmation dialog box pops up asking the user: “Are you sure you want to move this file to the Recycle Bin?”  Whilst the delete confirmation is usually a good thing to prevent users from deleting files by accident, it is not a suitable tool for preventing employees from committing serious misconduct:  The Regional Labour Court of Hesse (Landesarbeitsgericht, LAG) ruled on 5 August 2013 (docket number: 7 Sa 1060/10) that the wilful unauthorized deletion of a large amount of data by an employee may justify a summary dismissal, i.e. a dismissal for cause with immediate effect.

The plaintiff was employed at the defendant’s company as an account manager.  After failed negotiations about an amendment of the plaintiff’s employment contract, the plaintiff deleted a large amount of customer-related data (emails, customer contact information and appointment data) from the Outlook-Exchange-Server via his user account.  The plaintiff did this by first moving the files to the recycle bin and then deleting them permanently by emptying the recycle bin.  A deletion of the data by accident could therefore be excluded.  After discovering the deletion of the files, the defendant dismissed the plaintiff with immediate effect.

According to the judges, the wilful unauthorized deletion of customer-related data by an employee resulting in internal problems for the business and difficulties with the respective customers constituted a material breach of self-evident contractual duties of the employee and therefore justified a summary dismissal.  A prior written warning, usually required for terminations based on conduct-related reasons, was not necessary in this case.  The plaintiff must have known that the employer would not tolerate such behaviour under any circumstances.

In order to protect the company’s information assets against unauthorized access, disclosure, disruption, modification, recording or destruction, employers should implement (i) information security policies that tell the workforce how to deal with data and (ii) a robust information security system, both in compliance with applicable laws and regulations.