ALRUD Law Firm
  March 4, 2024 - Moscow, Russia

Concise and to the point with ALRUD: HR & DIGITAL (?1)
  by Irina Anyukhina

Russian State Labour Inspectorate (GIT): An employer may impose disciplinary sanction on an employee for disclosing a colleague's salary


GIT received a question whether an employer can punish an employee who, ****without the consent**** of a colleague, ****disclosed their salary****.

Experts of GIT of the Nizhny Novgorod region pointed out that if the employer's ****local policy**** prohibits the disclosure of the salary of other employees, then employees who looked at another employee's pay slip and disclosed their salary may be disciplined for ****improper performance of their job duties****, expressed in non-compliance with the requirements of the local policy, provided that employees have been ****familiarized**** with this local policy under their signature.

GIT referred to the opinion of ****Roskomnadzor**** (Russian Data Protection Authority) that ****salary**** information is ****personal data**** (Letter No. 08KM-3681 dated 7 February 2014).

We also would like to remind that disclosure of a colleague’s personal data by an employee is a ****reason for immediate employment termination**** of the employee, who disclosed personal data.

Corporate e-mail data is leaked from every 19th employee of Russian companies


In 2023, 420 databases containing more than 981 million data strings became ****publicly available****, and in January 2024 — 62 databases with a total volume of over 525 million data strings.

Since 1 February 2024, there have been 29 leaks totaling more than 11 million data strings, 85% of which contained a ****password**** or ****password hash****. The main reason is the use of ****corporate email addresses**** for registration in ****popular services**** (for example, food delivery, online stores).

We recommend that companies regularly conduct ****trainings**** for employees to improve ****digital literacy****, explain to them the need to use corporate mail only for the performance of job duties, ****excluding personal goals****.

In order to minimize the risks associated with corporate e-mail data leaks, the person responsible for organizing the personal data processing (****DPO****) should also regularly check the availability of company email addresses in ****leak databases****.

Question

How long can an employer process the personal data of ****dismissed employees****?

Roskomnadzor’s answer

The processed personal data is subject to ****destruction**** upon ****achievement of the processing purposes**** or in case of loss of the need to achieve these purposes. Meanwhile, the employer has the right to process the personal data of the dismissed employee within the time limits provided for by law (for example, tax or accounting).Meanwhile, the employer has the right to process the personal data of the dismissed employee within the ****time limits provided for by law**** (for example, ****tax**** or ****accounting****).




Read full article at: https://alrud.ru/publications/6679df817a52dc6eaa085e73/