Date: Fri, 6 Mar 1992 19:55:42 GMT From: NEELY_MP@DARWIN.NTU.EDU.AU(Mark P. Neely, Northern Territory Subject: File 9--HACKING grounds for dismissal A recent article in the _Solicitors Journal_ (Sept. 1991, p.1008-10) posed the question as to whether the unauthorised access to a Company's computer was grounds for dismissal of an employee. It was written by Geoff Holgate, and the following is based on it. The issue came before the court English Employment Appeals Tribunal (EAT) and is reported in Denco Ltd. v. Joinson [1991] 1 Weekly Law Reports 330. The employee, Michael Joinson, worked as a sheet metal worker for Denco Ltd. which manufactured air drying and air conditioning equiptment. In 1988 Denco installed a computer which had a number of VDU terminals attached to it. The computer was also used by another company, Intek, which operated out of the same premises. Denco's policy was to encourage its employees to use the terminal even though their jobs didn't strictly require it. The computer, via a series of menus, provided information relating to the part-icular department within the company. To gain access to a particular menu (or sub-menu) the user was required to enter a user identity code and password. The password was changed every week. The purpose of the passworded system was that the information was provided on a 'need to know' basis, and only those authorised to access a particular menu were entitled to use it. The system's history file (which recorded every stroke entered on every terminal on the system) revealed an unauthorised access to certain of Intek's records on the system. This access was traced to Joinson (who admitted the unauthorised access). He had used the password of the daughter of a fellow employee who was an Intek trainee. Joinson was a member of the Amalgamated Engineering Union. Indeed, he was chairperson of a joint committee representing the AEU and other unions. Denco alleged that Joinson had used the identity code and password to obtain information which would be of use to him in his trade union activities, such use being hostile to the company. Joinson claimed that his access to the unauthorised information was accidental. He was summarily dismissed for gross misconduct. Joinson complained he had been unfairly dismissed. The Employment Appeal Tribunal (hearing an appeal by Denco against an industrial tribunal which found in favour of Joinson) held that "if an employee deliberately used an unauthorised password in order to enter, or attempt to enter, a computer known to obtain information to which he was not entitled, then that of itself was gross misconduct which prima facie would attract summary dismissal..." [quote from article, p.1009, not judgement] However the EAT then went on to limit their decision by emphaising that "there may be some exceptional circumstances in which such a response might be held ule". [quote from case in article, p.1009] The tribunal reasoned that as maintenance of the integrity of information stored on an employer's computer was important, it was in the best interests of management to make it "abundantly clear" that interference with its integrity would result in severe penalty. Any comments from the floor? Downloaded From P-80 International Information Systems 304-744-2253