Police assistant was dismissed for several data breaches
The Swedish Labour Court found that it was lawful to summarily dismiss a police assistant for nine data breaches. Her actions were such a gross breach of trust that she was clearly unfit for her position.
Over a period of two years, a police assistant unlawfully searched for her half-sister’s partner on the authority’s IT system. Her searches also included other individuals and vehicles related to him. All the searches were unrelated to her work.
The IT system was set up so that users were warned about the consequences of wrongful handling and data use when logging into it. There were also internal security guidelines in place.
The Labour Court found that the employee had breached her obligations so severely that she could be terminated without notice.
IUNO’s opinion
An intentional data breach can be a gross breach of trust and may justify a summary dismissal. However, the different security measures and guidelines will usually also play a role in the assessment. It will always require a case-by-case assessment.
IUNO recommends that companies have clear internal guidelines for data processing. Companies are ultimately responsible for data breaches under the applicable data protection rules. For that reason, ongoing training and clear guidance are crucial to ensure compliance in practice.
We have previously written a newsletter about data breaches here and, more generally, about when a summary dismissal can be justified here.
[The Labour Court’s decision of 18 March 2025 in case 12/25]
Over a period of two years, a police assistant unlawfully searched for her half-sister’s partner on the authority’s IT system. Her searches also included other individuals and vehicles related to him. All the searches were unrelated to her work.
The IT system was set up so that users were warned about the consequences of wrongful handling and data use when logging into it. There were also internal security guidelines in place.
The Labour Court found that the employee had breached her obligations so severely that she could be terminated without notice.
IUNO’s opinion
An intentional data breach can be a gross breach of trust and may justify a summary dismissal. However, the different security measures and guidelines will usually also play a role in the assessment. It will always require a case-by-case assessment.
IUNO recommends that companies have clear internal guidelines for data processing. Companies are ultimately responsible for data breaches under the applicable data protection rules. For that reason, ongoing training and clear guidance are crucial to ensure compliance in practice.
We have previously written a newsletter about data breaches here and, more generally, about when a summary dismissal can be justified here.
[The Labour Court’s decision of 18 March 2025 in case 12/25]
Similar
Draft bill to ensure responsible use of AI
The team
Alexandra
Jensen
Associate
Alma
Winsløw-Lydeking
Senior legal assistant
Anders
Etgen Reitz
Partner
Cecillie
Groth Henriksen
Senior associate
Elias
Lederhaas
Legal assistant
Emilie
Louise Børsch
Associate
Johan
Gustav Dein
Associate
Kirsten
Astrup
Managing associate
Maria
Kjærsgaard Juhl
Legal advisor
Sunniva
Løfsgaard
Legal assistant