Fines for excess document retention of employee data
Last year, the Office for Personal Data Protection imposed a fine of CZK 180.000 for excess retention of copies of employee documents.
What exactly was the reason behind the fine? The employer kept copies of national identification cards and that is allowed only if certain conditions are met, for example if the employer obtains a written consent from the employee. Other retained documents included copies of health insurance cards, data extracted from the criminal record, or cards with bank account numbers, copies of birth certificates of employees’ children, and photos of the employees. The Office stated that the employer does not have the right to require copies of all these documents and to store these copies in personal files.
However, employers must keep a personal file for each of their employees. So what can be kept in these files? Only documents which are necessary for duty performance. There is no list of specific documents. With documents that are not necessary for the performance of one’s job, the information should only be written down from the presented documents and there should be a confirmation of who, when, and based on what documents recorded and verified this information.
In the above mentioned case, the Office for Personal Data Protection also found that there was a leak of personal data from personal files of the employees, specifically that employees repeatedly received e-mails containing copies of documents from the files.