Employer alleges conduct 'poses a risk to security of its digital information'
The Fair Work Commission (FWC) recently dealt with a case involving an employee who allegedly breached his employer’s security policies by personally storing the latter’s information.
According to records, the FWC found the employee had emailed documents from the employer’s restricted network to his email address. He then took photos of them and stored the said images on his personal devices.
The employee was part of the Australian Army Reserves as a deputy director. Following a federal police investigation, his employer was notified that he had stored 39 images of its information.
The employer’s investigation concluded the employee breached his obligation under the Public Service Act which requires employees to comply with lawful and reasonable directions and “act with care and diligence.”
The employee was dismissed for breaching the employer’s code of conduct. He subsequently filed an unfair dismissal claim before the FWC.
The employee’s defence
The employee argued that none of the information he took photos of was sensitive or classified information. He also said that all the captured information was for work purposes; and the data was “unclassified and could have been emailed to his personal email address without concern.”
As for the employer, it said that the employee “failed to comprehend that his conduct poses a risk to [the] security of [its] digital information.” The employer also said his conduct “irreparably damaged [the] employment relationship.”
Is the employee’s conduct considered a “serious breach”?
The FWC concluded that the employee’s breaches were not “serious errors of judgment” and “did not warrant dismissal.” It also noted that the employee acknowledged that he did not comply with the employer’s security policies and “showed true remorse.”
The FWC said that his failure to follow “lawful and reasonable directions” was not “substantial, wilful or intentional.” It noted that most of the information he saved was “addressed to him and were personal records,” adding that “there is no suggestion that any information was compromised or disclosed.”
The FWC explained that most of them were documents “specifically relating to him,” including performance reports, documents addressed to him, and documents he had created.
The FWC also said that the employer’s restricted network was “frequently unreliable, slow and frequently crashed.” It said that even though the employee’s conduct was “not an approved procedure,” it was still “a common practice in the [employer’s] work area to copy information from the said network to personal devices.”
The FWC’s considerations
The FWC considered the employee’s “otherwise unblemished employment record” and that “no charges or cautions [came] from [the] police investigation.”
The FWC also noted that the employee did not appear to disclose the collected information. It said that a “reprimand and fine would have been appropriate sanctions” and ruled that the dismissal was harsh.
Thus, the FWC ordered reinstatement and appropriate pay. The decision was handed down on 17 March.
