In this day and age, the corporate world, and with it society in general, is inseparable from the intensive use of information technology, which has revolutionized communications, access to information, and it may even be said, the daily life of individuals and companies, and continues to do so.

In the corporate world, alongside the undeniable advantages and benefits generated by the use of information technology, there is also a host of potential risks against which protection needs to be provided to avoid the harm that could be caused by misuse of this technology. In an earlier blog article we wrote about the importance of adopting measures at the workplace to protect information considered secret.

For quite a few years now, the Spanish courts have been resolving cases on the misuse or incorrect use of the IT tools that companies provide for their employees to use when performing their tasks. In all these cases a line must be drawn between the clashing right of the employer to adopt surveillance and monitoring measures to verify the employee’s compliance with employment obligations, as an expression of the employer’s power of management and organization, from the right to privacy and secrecy in communications.

A new judgment (by Murcia High Court on March 29, 2017) has again shown the importance for companies to have in place rules governing the use of the IT tools that the company makes available to its employees, in which it placed particular emphasis on the permitted use or uses and on the ability to monitor compliance with those rules.

In the case examined in that judgment, an insurance company employee sent to himself from his company email account to two private email accounts, the specific terms of a number of individual policies, together with the list associated with two group insurance policies. In a first lawsuit, a labor court upheld the employee’s claim and held unjustified the disciplinary dismissal carried out by the company. Whereas a high court later upheld the company’s appeal and found the dismissal justified because it had been evidenced that the employee had incurred a clear breach of trust and engaged in disloyal behavior, all of which was also an act of indiscipline against the orders given by the company.

The main factor underlying the high court’s conclusion was that there were company rules in place on the use of IT tools which were mandatory and known to both the statutory workers’ representatives and to the employee. Those rules expressly prohibited the sending of corporate messages and documents to the worker’s own private email accounts or to those of the worker’s family members or friends.

The court also emphasized that the company was also guarantor of the custody of the documents and the data contained in them, and as such, may be harmed by any inappropriate use of that information by its employees.

Therefore, having rules in place on the use of IT tools has been identified as a crucial element for both identifying and remedying breaches of the employment obligations acquired by the employees and for avoiding the harm and legal consequences that could arise for the company from any unlawful use of such media.

Xavier Pera Coral

Garrigues Labor and Employment Law Department