Help settling an debate please

RoboRat

Has there ever been a case taken against an ex employee who deleted company files and emails?
I have been having this debate with my wife and she says no there is no case. I know there have been cases in the US but I can't find anything relevant for Ireland.
Personally I can't see why a company couldn't pursue an employee for doing this as surely the files are the property of the company and the employee was paid for creating them. My view is that someone worked as a cabinet maker and decided to destroy all the cabinets they made, they would be charged, so how would this be different.
Perhaps I'm naive but I'm very interested to find out.

Peregrinus

I'm not aware of a case being taken but, then, I wouldn't necessarily be. There's no doubt that a company could take a case against somebody who destroyed data belonging to the company.

Samuel T. Cogley

In Ireland we have some very lazy but very clever legislators who decided this was exactly the same as destroying cabinets.

Criminal Damage Act 1991

5.—(1) A person who without lawful excuse operates a computer—

(a) within the State with intent to access any data kept either within or outside the State, or

(b) outside the State with intent to access any data kept within the State,

shall, whether or not he accesses any data, be guilty of an offence and shall be liable on summary conviction to a fine not exceeding ?500 or imprisonment for a term not exceeding 3 months or both.

(2) Subsection (1) applies whether or not the person intended to access any particular data or any particular category of data or data kept by any particular person.

(Fine has been changed). What other places do with reams we do with one very powerful section. Although this is criminal rather than civil so it's not the company taking a case.

Yourself isit

Samuel T. Cogley wrote: »

In Ireland we have some very lazy but very clever legislators who decided this was exactly the same as destroying cabinets.



(Fine has been changed). What other places do with reams we do with one very powerful section. Although this is criminal rather than civil so it's not the company taking a case.

That's "unlawful" operation of a computer. Hacking I assume. But an employee has the right to access a computer.

Samuel T. Cogley

Yourself isit wrote: »

That's "unlawful" operation of a computer. Hacking I assume. But an employee has the right to access a computer.

Not for the purpose of deleting data. Unlawful operation is the key here - nice and broad. And also probably not thought of with hacking in mind in 1991.

I love Sean nos

RoboRat wrote: »

an ex employee who deleted company files and emails?

Two questions:

1. Was the person involved working for the company at the time of the deletion? You say ex-employee, but it's not clear whether that status is for when the incident occurred or now.
2. The files and mails deleted, were they on a PC in the possession of the person in question or are you talking about accessing a server?

Peregrinus

I don't think the employment status of the employee at the time the data was deleted is relevant. If he's being prosecuted under s. 5 the issue is not whether he has lawful access to the computer he uses, but whether he has a lawful excuse for using the computer to access the data. It could, for example, be his own computer, in which case accessing the computer is perfectly lawful, but operating it with the intention of accessing someone's data may not be.

I think the bigger problem is that s. 5 is directed at accessing data, not at deleting it. And, as a criminal provision, it will be restrictively construed.

So, suppose that while Jane is still an employee - she's working out her notice period, say - and while her duties still involve her accessing the data, she accesses the data and (improperly and maliciously) deletes it. If she had a lawful excuse for accessing the data, can she be convicted under s.5?

You might argue that she would have had a lawful excuse for accessing the data for the purposes of performing the duties of her employment, but she didn't have a lawful excuse for accessing it for the purpose of maliciously deleting it. But even if that's a good argument, you'd need to prove that she had formed that intent at the time she accessed the data. What if she accessed the data in the ordinary course of her duties but, while engaged in (say) data entry and while reflecting on the injustice of her impending dismissal, she was seized by a sudden impulse to delete the data and, without further thought, did so? Is her accessing of the data retrospectively rendered unlawful by her later decision to delete it?

I think the proper charge is actually under s.2 of the same Act:

"2.-(1) A person who without lawful excuse damages any property belonging to another intending to damage any such property or being reckless as to whether any such property would be damaged shall be guilty of an offence."

"Property" is defined in s. 1(1) to include data, and "damage", as far as data is concerned, is defined to include adding to it, altering it, corrupting it or erasing it. Thus deleting or corrupting someone else's data without lawful excuse is an offence under s. 2.

Note that this is a criminal provision, as STC point out, so the employer would complain to the guards, and then the DPP would make a decision about prosecution.

Separately, the employer could bring a civil action seeking damages resulting from the destruction of the data.

RoboRat

Cool thanks for the replies, I would have thought it constituted destruction of property so this backs my theory.

My reasoning was if an employee was in a data only job such as graphic design or similar, the deletion of all their company emails and work would essentially be destruction of the property of the company as long as this was done to a work email account and files on a work supplied computer.

I guess it would also require evidence that this was malicious and not just 'tidying up' so it would require a bulk deletion rather than deleting as they went i.e. if they deleted everything on the day they finished.

I can't see how this could be anything other than criminal damage as it essentially would void the work done throughout their duration of their tenure.