2020-06-25
Legal Articles

Subject access requests and the link to unfair dismissal

Home / Knowledge base / Subject access requests and the link to unfair dismissal

Posted by Christine Jackson on 28 September 2016

Christine Jackson - Commercial Contracts Solicitor
Christine Jackson Partner

In the recent case of McWilliams v Citibank NA the tribunal looked at the failure of Citibank to provide Ms McWilliams’ data following a Subject Access Request (SAR), and whether this contributed to an unfair dismissal.

Background

Ms McWilliams had worked for Citibank since August 1998 as a trader. She regularly communicated with people from other banks, an online chat facility, and the discussions involved the disclosure of confidential information.

In June 2013, the Financial Conduct Authority (FCA) began investigating some financial organisations, including Citibank, because of its concerns about the sharing of confidential data by traders in online chat rooms and the manipulation of exchange rates. Citibank also held internal investigations, and this led to Ms McWilliams’ line manager being dismissed for sharing confidential client information with a trader at another bank. Subsequently, Ms McWilliams was investigated and suspended. Soon after, Ms McWilliams submitted a subject access request (SAR) requesting all of her data, together with her data collected by 25 colleagues. The bank refused to provide any data using the defence that it was disproportionate. Ms McWilliams narrowed down her search criteria and stated that the data requested was imperative to her responding to the disciplinary allegations. Again the bank refused, so she complained to the Information Commissioner’s Office (ICO). 

Ms McWilliams requested for the disciplinary hearing to be postponed following the outcome of the FCA’s investigation, as part of her case was Citibank’s relaxed attitude to compliance and that sharing confidential information was custom and practice. Despite this, Citibank pressed ahead with the disciplinary hearing in May 2014, and it dismissed Ms McWilliams in November 2015. However, importantly, it had undertaken a limited investigation before making its decision to dismiss, and the decision was made in September 2015 (two months before it was communicated to her).

Soon after, the FCA provided its outcome and stated, amongst other things, the guidance on chat rooms did not detail which types of communication were unacceptable. This supported Ms McWilliams’ defence.

Employment tribunal proceedings

The employment tribunal held that Citibank had failed to carry out a reasonable investigation as it did not investigate Ms McWilliams’ argument that sharing confidential information was the general practice. Together with other factors, Ms McWilliams was successful with her claims of unfair dismissal and wrongful dismissal (failure to pay notice); albeit she contributed to her dismissal through the sharing of confidential information.

Although this is to be dealt with by the ICO, the employment tribunal touched upon the SAR and stated it was not a fishing exercise (unlike a lot of SARs we see). It held that the internal investigation was unsatisfactory. As Ms McWilliams was out of the office suspended without access to information, this materially affected her ability to defend the allegations against her. 

Conclusion

In terms of employment lawMcWilliams v Citibank NA reinforces the need for employers to carry out fair and reasonable investigations and listen to the employees’ defence, or potentially face Employment Tribunal proceedings. From a data protection perspective, although previous case law suggests SARs are not a mechanism to assist a person with their litigious claim, it appears from this case that an employer should not dismiss a SAR because of the potential or on-going litigation.

Data protection is ever-changing, so we recommend training your staff on Data Protection, including SARs, the exemptions and the consequences of not complying with the DPA. You may not be aware, but currently, the ICO can issue fines of up to £500,000 (although this will increase to 4% of an organisation’s global annual turnover for the preceding year or 20 million Euros, whichever is the greater when the General Data Protection Regulations (GDPR) come into force on 25 May 2018). In addition, there is the employment tribunal side of litigation where an employee who is successful with their unfair dismissal could receive up to a years’ salary as compensation. This is not factoring in the cost and time of preparing for the hearing itself. 

About the author

Christine helps clients manage risk and financial exposure in their day to day business dealings.

Christine Jackson

Christine helps clients manage risk and financial exposure in their day to day business dealings.

Recent articles

11 August 2020 Medical negligence; pressure sores

Pressure sores are painful debilitating injuries which should not occur if you or your loved one is being cared for and nursed in the most supportive way.

Read article
07 August 2020 Protecting your chances of getting paid; retention of title clauses

A retention of title clause is a term within a contract for the sale of goods which states that the seller retains ownership of the goods until specified obligations are fulfilled by the buyer.

Read article
05 August 2020 Privilege: Protecting your business communications

Privilege can entitle a party involved in court proceedings to withhold a document from their opponent or to deny access to regulators and enforcement agencies.

Read article
Contact
How can we help?
01926 732512
CALL BACK