Heloisa de Alencar Santos
Lawyer at Marcos Martins Advogados
In a decision handed down by the Regional Labor Court of the Second Region, the dismissal for just cause of an employee who passed on sensitive data from the company that took over his services was upheld on the grounds that those who hold, control and operate data should be held responsible, mentioning the application of the General Personal Data Protection Law (LGPD).
With the Data Protection Act in force, which guarantees protection to the holder of personal data, whether sensitive or not, monitoring the traffic, use and storage of this data has become more frequent and incisive within companies, in view of the sanctions that can be applied in the event of a leak.
Personal data means any information relating to a natural person that identifies them or could identify them. Sensitive data can be defined as data revealing racial or ethnic origin, political opinions and religious or philosophical convictions, or data relating to a person’s health, sex life or sexual orientation.
The lower court’s decision, which upheld the application of just cause to a telemarketing agent for sending data such as CNPJ, CPF, numbers and amounts loaded onto cards, as well as the locations of a client company’s employees to his personal e-mail, corroborates the protection that the LGPD has given to any and all personal data, whether sensitive or not.
The Court, in its analysis of the evidence in the case file, found that the employee had even signed a confidentiality agreement and adhered to the company’s information security policy, by which he undertook to keep all information and data completely confidential, in addition to following the security rules defined by his employer.
Thus, in addition to violating the company’s internal rules, the employee’s conduct was in breach of the law and, although there was no intent or intention to provide the data to third parties, it was considered serious enough to warrant dismissal for just cause, insofar as “this is personal data of natural persons and in no way can it be lost to means beyond the company’s control, under penalty of the company’s possible liability for the individuals and legal entities affected”.
As can be seen, the General Data Protection Act has become an increasingly common issue in labor courts, making it essential for companies to be aware of its application, and especially of the sanctions that any non-compliance may generate.
It is therefore of the utmost importance that companies seek legal advice on how to correctly adapt to and monitor the application of the law, which Marcos Martins Advogados is able to provide.
