Breach of data protection regulations by publishing the employees’ personal phone numbers on the employer’s intranet
At a glance
- A company published on its intranet the personal phone numbers of 300 bus driver employees.
- The Deputy Data Protection Ombudsman considered that this practice violates data protection laws. He ordered the company to change its practice.
The Deputy Data Protection Ombudsman considered that a company had breached data protection rules by publishing on its intranet the personal phone numbers of 300 bus driver employees in a way that they were available to all bus drivers in the company. The publication of personal phone numbers constituted a disclosure of personal data to third parties, and there were no legal grounds for the disclosure. Communication between bus drivers can also be organised in a way that is less privacy-intrusive, such as via work telephone.
In principle, employees' personal telephone numbers or e-mail addresses should only be used if it is not possible to use a work telephone number or work e-mail address. In addition, employees' personal data should only be processed by persons whose tasks include the processing of such data, eg managers or persons working in personnel management.
In its decision of 20 June 2024, the Deputy Data Protection Ombudsman issued a warning to the company for breaching data protection laws and ordered the company to change its practice.