Over a period of two years, a police assistant unlawfully searched for her half-sister’s partner on the authority’s IT system. Her searches also included other individuals and vehicles related to him. All the searches were unrelated to her work.
The IT system was set up so that users were warned about the consequences of wrongful handling and data use when logging into it. There were also internal security guidelines in place.
The Labour Court found that the employee had breached her obligations so severely that she could be terminated without notice.
IUNO’s opinion
An intentional data breach can be a gross breach of trust and may justify a summary dismissal. However, the different security measures and guidelines will usually also play a role in the assessment. It will always require a case-by-case assessment.
IUNO recommends that companies have clear internal guidelines for data processing. Companies are ultimately responsible for data breaches under the applicable data protection rules. For that reason, ongoing training and clear guidance are crucial to ensure compliance in practice.
We have previously written a newsletter about data breaches here and, more generally, about when a summary dismissal can be justified here.
[The Labour Court’s decision of 18 March 2025 in case 12/25]