Please note that all my articles are for informational purposes only and not legal advice. I assume no liability for the content of my articles. The articles may be out of date, the legal situation may have changed, or the specific situation in a case may need to be assessed differently. A binding consultation can only be given by me directly in the individual case. Take advantage of my free brief consultation!
An IT employee is obligated to protect sensitive customer data and may not misuse it for other purposes. A breach of these duties usually justifies termination without notice by the employer.
This was decided by the Siegburg Labor Court a few days ago.
The plaintiff had been working for the defendant as an SAP consultant since 2011. The plaintiff ordered headache pills for two board members of a customer of the defendant from the computer of a casino, using names, addresses and bank account details of customers of the customer previously downloaded from an encrypted computer of the customer to a private memory stick for the purpose of payment by direct debit. As part of the order, the plaintiff made the comment to this customer’s board that because of the order, they could see how easy it was to misuse data, which should give them a headache, and the headache pills they ordered could definitely help. He had not previously informed the defendant about existing security vulnerabilities at the customer. The plaintiff received a termination without notice on Aug. 26, 2019. He filed an action for unfair dismissal against this.
In its judgment of January 15, 2020, the Siegburg Labor Court dismissed the action and ruled that the termination without notice was justified. The 3rd Chamber was convinced that the plaintiff had blatantly violated his duty to show consideration for the interests of the employer by his actions. Sensitive customer data must be protected. The plaintiff misused his data access and exploited a security vulnerability at the customer’s site. Customers may expect the defendant and its employees to protect and in no way abuse any security vulnerabilities. Customer data must also not be misused for the purpose of uncovering supposed security gaps. The plaintiff has thus massively disturbed the customer’s trust in the defendant and its employees and thus massively endangered the customer relationship. This justifies termination without notice.
The decision is not yet final. The judgment may be appealed to the Cologne Regional Labor Court.
Marian Härtel is a lawyer and entrepreneur specializing in copyright law, competition law and IT/IP law, with a focus on games, esports, media and blockchain.
