In the Labor Courts, for some time now, precedents have been created in which the improper use of personal data leads to dismissal for just cause. The increase in the number of dismissals for this reason tends to grow more and more, along with the monitoring of compliance with the General Data Protection Law that began in January 2022, and this is precisely what happened with the 10th Chamber of the Regional Labor Court (TRT) of Campinas (15th Region) confirming the dismissal for just cause of a banking correspondent who sent to her private email, and copied to third parties, personal data of clients, such as documents, CPFs, amounts of payroll loan contracts and telephone numbers.
The employee also claims that she wanted to check that she was actually receiving the commission for the sales correctly.
However, regardless of the justification, it is worth noting that when an employee is dismissed for just cause, they lose their unemployment insurance and other severance pay.
Acts that lead to a lack of security and privacy for customer data have become the focus of concern for companies, which in turn need to implement effective Privacy and Personal Data Protection Programs in their organizations, which should involve the application of training and the development of internal and external policies aimed at internalizing a culture of responsibility in the handling of data.
This enables strategic decision-making and, at the same time, prevents episodes of data leakage or improper data processing.
Employees generally have access to customer data, as well as that of the companies in which they work.
The data processed must be guaranteed in terms of confidentiality, secrecy and security, within the limits established by law.
The larger the company, the more complicated it becomes to control the activities carried out by employees, which makes the company’s preventive measures even more cautious.
Furthermore, the security of this data should not only be restricted to criminals, but also to misuse, as in this case.
Thus, one of the measures adopted by companies, for example, is to restrict access to data only to authorized people within the company, in order to reduce risks and guarantee greater security for their customers’ data.
This concern has grown exponentially in recent years as a result of Law No. 13,709/2018, which regulated the processing of personal data and determined penalties to be met by companies in default.
Among these penalties, the National Data Protection Authority can impose a fine of up to 50 million reais per violation.
Its enforcement had not begun until January 2022, but the law had already been in force since 2020, which gave companies a reasonable amount of time to adapt.
It can therefore be inferred that decisions have already been handed down authorizing the dismissal for just cause of employees who send personal data about employees or clients to their personal emails and/or to third parties.
In this way, the attitude in question is seen as serious misconduct, regardless of the purpose alleged by the employee during the sharing, indiscipline, violation of secrecy and internal company rules, which, according to the CLT, constitutes just cause:
Art. 482 – The following constitute just cause for termination of the employment contract by the employer:
g) violation of company secrets;
h) an act of indiscipline or insubordination;
It is therefore understandable that the LGPD was created precisely because personal data has gained enormous economic importance these days, becoming digital assets.
Companies like Google and Meta are some of the most valued in the world for being able to capture data from billions of users.
Finally, it is understood that the cases that have been judged make it clear that the LGPD is not just the company’s responsibility, but also has direct implications for the life of the employee, who must respect the confidentiality and data protection policies established by the company.
Do you want to comply with the LGPD?
Talk to PDK Advogados’ team of experts.