Recently, after an Indian engineer was fired from the National Computer Systems Group of Singapore (NCS), he used the company's system access rights that were not revoked in time to invade the system and delete the data of as many as 180 servers, causing the company to lose more than US$ 600,000 . He was eventually sentenced to nearly 3 years in prison by the court.
Someone in South Korea also deleted 4,216 business files in the company's Google account, changed the administrator password and reset the company website before leaving his job in April 2021 because he and the company did not reach an agreement on profit distribution. After the company filed a lawsuit, Wu Nan argued that the documents could be recovered from the trash can and that he had no intention of interfering with operations. However, the court believed that some of the data could not be recovered and found him guilty of interfering with work and fined him 5 million won.
This kind of incident also occurs in Taiwan. Recently, some netizens broke the news that the company's administrative assistant informed the company that the handover was completed before leaving the company, and handed the paper information to colleagues. Later, she started clearing the data on her computer on the pretext of deleting "private messages." The post sparked heated discussions among netizens.
Deleting company information after resignation, suggesting filing a criminal complaint
Most of these cases involve deleting company information when employees leave their jobs. Can companies in Taiwan seek compensation from these employees?
First of all, if an employee arbitrarily deletes company information while on the job, this may constitute Article 12, Paragraph 1, Paragraph 4 of Taiwan's Labor Standards Act (referred to as the Labor Standards Act) - a serious violation of the labor contract or work rules by the employee, or Article 5 Subsection - Intentional destruction of data in machinery and equipment causing harm to the employer. The company can use this as a statutory reason for dismissal and terminate the employment contract without prior notice and without paying severance pay.
If employees use the Internet to crack passwords or attack company computer equipment (such as cloud drives) to obtain data that they do not have permission to access, their behavior involves the criminal offense of intruding computer equipment by entering other people's account passwords without reason. If an employee not only logs in but also deletes data, this involves the crime of obtaining or altering the electromagnetic records of another person's computer. In addition, depending on the type of data deleted or obtained, it may also constitute criminal provisions under Taiwan's Personal Data Protection Act and breach of trust.
If an employee deletes company information after leaving the company, it is difficult to resolve the matter through civil means because the relationship is no longer an employment relationship. Claims for civil infringement are often hampered by the difficulty in proving the amount of damage. Therefore, in practice, it is recommended that the company file corresponding criminal prosecutions based on the behavior of the former employee.
Marking and accessing information regularly will be more advantageous in providing evidence during litigation.
Once a case enters into litigation, it often involves the attack and defense of evidence. Enterprises must make three preparations:
1. Prove that "the employee" deleted "the data"
Normally, employees should have individual login accounts and passwords, and have different data management permissions based on their positions. If there is no proper division of file storage authority and clear provisions that data cannot be deleted without the company's consent, then an employee who deletes the data in his or her charge before leaving the company may be deemed to have "deletion authority," and the deletion may therefore be considered legal.
Companies can use system records to query the cloud drive usage history, review recent activities of employee accounts, file deletion and recovery status, and compare the file deletion date and content in external reports to confirm whether it is related to the employee's position before resignation. If these measures cannot be prepared in advance, other employees can provide evidence when leaving the company to clarify the handover process and handover information as relevant evidence.
2. Prove the "importance" of the information to the company
If the information is easily publicly available or the company obviously has a backup, it will be difficult to determine that the company has been damaged and it may be difficult to claim relevant legal rights. Therefore, companies should take appropriate measures, such as marking data as confidential, limiting the scope of data access, establishing strict backup and access records, and providing specific evidence to demonstrate the special value or irreplaceability of the data, thereby strengthening legal protection. Base.
3. If an employee is to be fired, improper deletion must be clearly listed as the reason for dismissal
According to Articles 11 and 12 of Taiwan's Labor Standards Law, employers have the obligation to inform employees of the reasons for dismissal based on the principle of good faith and shall not change the dismissal at will. The cause may be changed to another cause in the lawsuit. If the employee's "deletion of data" is used as the reason for dismissal, the letter of dismissal sent to the employee must clearly state the reason. Otherwise, it will be difficult for the judge to accept the resultant reasons added after the fact, and the litigation process will be at a disadvantage.
