With its judgment no. 33809 of November 12, 2021, the Court of Cassation declared that an employee who erases or transfers company data to the outside commits disciplinary behavior and a civil and criminal offense. The employer can legitimately acquire and produce the private correspondence found after the return of the Company’s personal computer and present this evidence to the court to prove the employee’s unlawful conduct. The right to legal defense prevails over the inviolability of correspondence.
Facts of the matter
In this case, a manager, after having resigned, returned to the company the assigned personal computer, fully formatted and without any documents, data or company information. The employer then turned to an IT specialist to recover the data and information deleted by the former employee.
After recovering the password to access the Skype platform, the expert found conversations between the former employee and parties outside the company’s organization (including competing companies), revealing the commission of a series of unfair and illegal behavior. The Company has filed a claim for damages allegedly suffered as a result of the conduct of the Manager.
The Turin Court of Appeal, reversing the decision of the court of first instance, held that the Company’s claim was unfounded, ruling out the existence of any evidence of the allegedly unlawful behavior of the employee and, therefore , the right to compensation for the damages claimed. The Court of Appeal ruled that the conversations acquired by the Company on the manager’s Skype account could not be used in court, because they were obtained in violation of the secrecy of correspondence and without his consent.
The judgment of the Supreme Court of Cassation
In reversing the decision of the Court of Appeal, the Court of Cassation considered that the employee conduct harmed the Company’s assets. This was relevant not only in terms of civil law, with the employer’s consequential right to repair the damage suffered, but in Criminal law, because it was an offense under Article 635 bis of the Italian Criminal Code (i.e. damaging information, data and computer programs). According to the Cour de cassation, the employee’s behavior is relevant from a disciplinary point of view because it is contrary to the obligations of loyalty and diligence.
As to the legitimacy of documents containing personal data produced in the context of legal proceedings, the Supreme Court, referring to previous decisions, affirmed that this “is allowed when necessary to exercise its own right of defense, even in the absence of the owner’s consent and of any method used to acquire his knowledge. However, defend oneself in court, using the personal data of others, must be exercised with regard to the duties of correctness, relevance and non-excess (â¦). The legitimacy of the production of documents must be based on the balance between the content of the data used, to which the degree of confidentiality must be applied, and the needs of the defense.
As regards the processing of personal data, the Court indicated that “The right to defense before the courts prevails on the right of inviolability of correspondence, authorizing art. 24, letter f) Law 196/2003 not to take into account the consent of the data subject for the processing of personal data, when it is necessary to protect a right in court. The Court continued: âThis is conditional on the processing of data exclusively for this goal and the period strictly necessary for its continuation.“
According to the Supreme Court, the right of defense is not limited to the stage of judicial proceedings, as it could be extended to the collection of evidence in the proceedings, even before a dispute is formally established.
Finally, the Court of Cassation, in explaining its decision, confirmed the legitimacy of the checks carried out by the employer in accordance with the rules provided for in art. 4, law no. 300/1970 (applicable ratione temporis), find the checks of a “defensive” nature. According to the Court, the checks took place after the termination of employment and after the commission of the harmful act which consisted in deleting company data by the manager.
Other related information: