Trust squandered: When personal data makes the rounds in the company
A case from everyday working life that gets under your skin: a 48-year-old employee of Geberit in Pfullendorf has sued his employer - for a data protection breach with personal consequences. The man, who has worked for the company for almost 30 years and was also active on the works council, fell ill, sought help in a psychosomatic clinic - and did not want to make this a topic of conversation among the workforce.
But that is exactly what happened. The reason: according to him, his reintegration plan, which also named the clinic, was forwarded by the HR manager to the works council chairman, who then distributed it to other members. And suddenly his stay at the clinic was company knowledge.
"I'm going through hell right now" - when colleagues suddenly know everything
What may seem like a bureaucratic blunder to outsiders was a personal nightmare for the person concerned. In court, he vividly described: "I'm going through hell right now." His colleagues on shift and on the opposite shift spoke to him about the illness - although that was exactly what he had wanted to avoid.
According to his lawyer, it would have been perfectly sufficient to state the scope of the reintegration - without the name of the clinic or any details. Data protection breach? Clearly. The judge at Ulm Labor Court also indicated that there had been a breach, even if it remained unclear how many employees had actually found out about it.
Geberit's lawyer admitted: "The process was wrong, we are sorry about that." At the same time, he claimed that it had not spread far. But the damage is there - even if no witnesses can be found. The plaintiff said clearly: "I don't want to implicate any of my colleagues."
Data protection is more than a law - it's a promise
The amount in dispute is 5,000 euros, and the plaintiff has so far rejected settlement offers of 1,000 and 2,000 euros. He is not interested in the money - but in justice. And that employers - especially in sensitive areas - take confidentiality seriously.
Because whether deliberately or negligently: The disclosure of health data is not a trivial offense. The breach of trust is difficult to heal - especially if you have to continue working in the same company as the person concerned. A verdict is still pending, but one thing is already clear: the damage to the company's image is real.
Anyone who squanders trust should not be surprised about complaints.
You have to imagine it: An employee is struggling with his health, seeks help - and his employer tramples on his privacy. Reintegration by email - with a clinic address attached? That's not a minor faux pas, it's a data protection disaster. And when the employer then goes on to argue that the "circle of insiders" has remained small, it really makes you wonder whether the issue of data protection has even reached some HR departments.
