GIT received a question whether an employer can punish an employee who, ****without the consent**** of a colleague, ****disclosed their salary****.
Experts of GIT of the Nizhny Novgorod region pointed out that if the employer's ****local policy**** prohibits the disclosure of the salary of other employees, then employees who looked at another employee's pay slip and disclosed their salary may be disciplined for ****improper performance of their job duties****, expressed in non-compliance with the requirements of the local policy, provided that employees have been ****familiarized**** with this local policy under their signature.
GIT referred to the opinion of ****Roskomnadzor**** (Russian Data Protection Authority) that ****salary**** information is ****personal data**** (Letter No. 08KM-3681 dated 7 February 2014).
We also would like to remind that disclosure of a colleague’s personal data by an employee is a ****reason for immediate employment termination**** of the employee, who disclosed personal data.
In 2023, 420 databases containing more than 981 million data strings became ****publicly available****, and in January 2024 — 62 databases with a total volume of over 525 million data strings.
Since 1 February 2024, there have been 29 leaks totaling more than 11 million data strings, 85% of which contained a ****password**** or ****password hash****. The main reason is the use of ****corporate email addresses**** for registration in ****popular services**** (for example, food delivery, online stores).
We recommend that companies regularly conduct ****trainings**** for employees to improve ****digital literacy****, explain to them the need to use corporate mail only for the performance of job duties, ****excluding personal goals****.
In order to minimize the risks associated with corporate e-mail data leaks, the person responsible for organizing the personal data processing (****DPO****) should also regularly check the availability of company email addresses in ****leak databases****.
How long can an employer process the personal data of ****dismissed employees****?
The processed personal data is subject to ****destruction**** upon ****achievement of the processing purposes**** or in case of loss of the need to achieve these purposes. Meanwhile, the employer has the right to process the personal data of the dismissed employee within the time limits provided for by law (for example, tax or accounting).Meanwhile, the employer has the right to process the personal data of the dismissed employee within the ****time limits provided for by law**** (for example, ****tax**** or ****accounting****).
We hope that the information provided herein will be useful for you.