The Adjudication Officer's decision not to uphold his dismissal as unfair, was appealed by the worker (Appellant), after he had been dismissed for holding confidential Company information on an USB key, as well as emailing confidential Company documents to his personal email account. The Appellant had been employed from 2007 as a Hotel Night Manager until he was dismissed in May 2016. He had received a contract of employment and employee handbook, as well as separately signing for the Company's Internet, Email and Security Policy in 2011.
The Company's General Manager conducted an investigation after being made aware that the Appellant had a USB key with Company information on it. It was confirmed that the USB contained folders and shortcuts to highly confidential information relating to the business of the hotel and it's guests, including access to the Opera system which was the core management information system of the Hotel. The Hotel's IT provider also discovered that the Appellant had sent emails to his personal account that contained confidential information as well as historical function sheets. Whilst it was determined that the Appellant had not disclosed the Company information to anyone, it was held that he did not need to have it in his possession to fulfil his role, and that furthermore there was potential for the USB key to be accessed by other personnel as the Appellant left it in his pigeon hole. There was no reasonable or credible explanation offered for holding the information, or forwarding it on to a personal email account, and after the investigation the matter was progressed to a disciplinary hearing.
The disciplinary hearing was also conducted by the General Manager with the same HR Representative taking notes as had done at the Investigation meetings, who confirmed to the Court that she did not have any input to the decision to dismiss. The outcome of the disciplinary hearing determined that the sending of confidential information to the Appellant's personal account and having access to sensitive financial and guest data through the USB key, amounted to a serious breach of the Hotel's Internet, Email & Security Policy and could also have led to a serious breach of the privacy of guests. The General Manager outlined that there was a loss of trust with the Appellant when he was unable to provide any credible explanations for his actions. The Appellant was dismissed for gross misconduct which was upheld on appeal by the Managing Director.
The Appellant outlined to the Court that the breaches and potential risks as alleged by the Hotel were general and he did not gain or benefit in any manner by having the data available to him, which could only be accessed through a PC connected to the Hotel system. He also further submitted that the Hotel regularly emailed staff to their personal accounts, and that he had been dismissed as part of "some other management agenda".
The Court found that the Appellant's explanations in respect of the use of the data lacked credibility. The Court accepted that the Hotel considered it's data to be commercially sensitive and important, and had extensive polices in place to protect it's data, and agreed in the circumstances that these policies had been breached by the Appellant. The Court concluded that the decision to dismiss following the investigation and disciplinary processes held, was within the range of a reasonable employer and was not unfair within the meaning of the Unfair Dismissal Acts.
This case is an example of good process being followed in respect of a serious workplace matter, and a reasoned decision being taken after a considered and staged review process. It is noteworthy as well that the fact that the same person conducted both the Investigation and Disciplinary stages, was not detrimental to the integrity of the process and the Court accepted that due to the size of the organisation they did not have adequate resources to do otherwise. It would normally be advisable to separate the investigation, disciplinary and appeal stages. Finally it is worth noting that the employee had signed a copy of the Hotel's IT & Security Policy, and it will always be much easier to defend a dismissal for a breach of a policy, that has been clearly communicated to employees and signed off. Once again the basics apply when dealing with workplace disciplinary matters - communicate clearly standards and requirements in the first instance in the form of written policies and then when dealing with potential breaches pay attention to process, and implement robust investigation, disciplinary and appeal stages.