The Bottom Line
- Summary dismissal is a high-risk option. A “zero-tolerance” policy on unauthorized data access may be overturned if an employee is acting under extreme personal duress, particularly when that duress is directly linked to the data they accessed.
- The “good employer” duty requires nuance. Even in cases of clear misconduct, Dutch law requires employers to consider the full context, including an employee’s personal crises, before resorting to the ultimate sanction of summary dismissal.
- An unjustified dismissal is costly. Even if an employee accepts the termination, a court finding it unjustified can lead to significant financial penalties, including a transition payment, fair compensation, and payment in lieu of the proper notice period.
The Details
The case involved a long-serving youth care worker at a major child protection agency. The employer dismissed her for cause after discovering she had accessed confidential files of two clients without a valid business reason. On the surface, this was a clear violation of data privacy rules and a breach of trust. However, the circumstances were extraordinary: one of the clients had recently threatened the employee and her son with a firearm, causing her to flee her home and suffer from PTSD. The other client had been in a violent conflict with her son. The employee accessed the files in what the court understood as moments of extreme personal distress and fear.
The Rotterdam District Court acknowledged that accessing confidential files without authorization is a serious offense that could justify dismissal. However, it ruled that a summary dismissal—the most severe disciplinary action—was a disproportionate and excessive measure in this specific context. The court heavily criticized the employer for its one-sided focus on the rule violation, arguing it had failed in its duty as a “good employer” by not showing compassion or properly weighing the severe personal trauma the employee was experiencing. The court noted the employer was aware of the employee’s situation, as she had even requested trauma counseling through the company.
While the employee ultimately accepted the end of her employment, the court’s finding that the dismissal was unjustified had significant financial consequences for the employer. The company was ordered to pay the employee a statutory transition payment, compensation for the improper notice period, and an additional “fair compensation” award of €10,000. This ruling serves as a crucial reminder for all organizations that while robust data security policies are essential, their enforcement must be reasonable. Courts will look beyond the black-and-white rule to the “why” behind an employee’s actions, and a failure to act with appropriate consideration and compassion can turn a seemingly justified dismissal into a costly legal defeat.
Source
Rechtbank Rotterdam
