Concise and to the point with ALRUD: HR & DIGITAL (№1)

Concise and to the point with ALRUD: HR & DIGITAL (№1)

04 March 2024

Russian State Labour Inspectorate (GIT): An employer may impose disciplinary sanction on an employee for disclosing a colleague's salary

GIT received a question whether an employer can punish an employee who, ****without the consent**** of a colleague, ****disclosed their salary****.

Experts of GIT of the Nizhny Novgorod region pointed out that if the employer's ****local policy**** prohibits the disclosure of the salary of other employees, then employees who looked at another employee's pay slip and disclosed their salary may be disciplined for ****improper performance of their job duties****, expressed in non-compliance with the requirements of the local policy, provided that employees have been ****familiarized**** with this local policy under their signature.

GIT referred to the opinion of ****Roskomnadzor**** (Russian Data Protection Authority) that ****salary**** information is ****personal data**** (Letter No. 08KM-3681 dated 7 February 2014).

We also would like to remind that disclosure of a colleague’s personal data by an employee is a ****reason for immediate employment termination**** of the employee, who disclosed personal data.

Corporate e-mail data is leaked from every 19th employee of Russian companies

In 2023, 420 databases containing more than 981 million data strings became ****publicly available****, and in January 2024 — 62 databases with a total volume of over 525 million data strings.

Since 1 February 2024, there have been 29 leaks totaling more than 11 million data strings, 85% of which contained a ****password**** or ****password hash****. The main reason is the use of ****corporate email addresses**** for registration in ****popular services**** (for example, food delivery, online stores).

We recommend that companies regularly conduct ****trainings**** for employees to improve ****digital literacy****, explain to them the need to use corporate mail only for the performance of job duties, ****excluding personal goals****.

In order to minimize the risks associated with corporate e-mail data leaks, the person responsible for organizing the personal data processing (****DPO****) should also regularly check the availability of company email addresses in ****leak databases****.


How long can an employer process the personal data of ****dismissed employees****?

Roskomnadzor’s answer

The processed personal data is subject to ****destruction**** upon ****achievement of the processing purposes**** or in case of loss of the need to achieve these purposes. Meanwhile, the employer has the right to process the personal data of the dismissed employee within the time limits provided for by law (for example, tax or accounting).Meanwhile, the employer has the right to process the personal data of the dismissed employee within the ****time limits provided for by law**** (for example, ****tax**** or ****accounting****).

We hope that the information provided herein will be useful for you.

If any of your colleagues would also like to receive our newsletters, please send them the link to complete a Subscription Form .
Learn more about our practices:
Labour and Employment

Note: Please be aware that all information provided in this letter was taken from open sources. Neither ALRUD Law Firm, nor the author of this letter bear any liability for consequences of any decisions made in reliance upon this information.

If you have any questions, please, do not hesitate to contact us.

ALRUD Law Firm

Skakovaya str., 17, bld. 2, 6th fl., Moscow, Russia, 125040
Т: +7 495 234 96 92, Т: +7 495 926 16 48,
We use cookies to offer better performance of the website and fulfill some other purposes specified in the Privacy Policy. By way of ticking the box you provide your consent to use of cookies. Otherwise, we will only use technical cookies, which are necessary for proper functioning of the website.