Unfair Dismissal
Options
JohnMalkovich
Posts: 6 Forumite
Background:
Over the past year I have worked for a company that I have put in over 40+ hours a week including overtime to try and improve the business due a failing IT infrastructure. On numerous occasions the lack of employees internally has been mentioned. Regardless I have worked there for around a year and 4 months. Within the last month; with the increasing stress; I called in work for sick leave.
I have an bad impression of my employer beforehand and knew this would mean they would deal with the incident in whatever “cruel”(for lack of a shadier word) manner they could get away with. Despite everything else; I needed the time off as I was dealing with too much else. Work attended my home and started speaking to my family about how I was trying to blackmail them by not giving them my personal work password. On an account before I proceed because I know this might to non technical individual seem like a big thing. I described to them that the password they were requesting was something I could not give them under IT security policy and would be considered a breach of security as well as a breach of my identity. likewise I have also mentioned that the other password which they were requesting was something I did not setup(BIOS password; which is easily reset in 5 minutes by removing CMOS battery etc). In regards to how critical this is. Please understand that they are able to reset this internally and there is no reason why I had to spell it out. I of course advised how they could reset the password if need be and sent them a guide to pass onto their own technical personnel; which I must advise is only 1 apprentice and a graduate with less than 2 years IT experience in total. Of course I am not responsible for any mismanagement on their side; and I don't feel I should hold any responsibility for the lack of knowledge etc..
I have received an email today advising that I have infringed on gross misconduct as I wouldn't supply my personal work password(due to employee handbook(which I will get to later)); which I would also like to re-mention can be reset by themselves as they own the IT infrastructure(EG: Google can reset passwords for its gmail users; and if they like, obtain access). Being from an IT background and specializing in Security; I feel I have followed best laws and practices. I gave them over 200 passwords for there systems however was interrogated for one(my one which held no special privileges despite that it was my identity); by which they could reset themselves and which if I gave would compromise security authenticity. I did and still do not trust my employer and feel that they might use my own account maliciously to pinpoint crimes of my behalf. Of course if they reset the password this would show in the system; which would absolve myself of any activity committed afterwards.
Another thing to mention is in the gross misconduct letter sent to myself they repeatedly asked for documentation and other terms which were not mentioned in person however were repeatedly mentioned in written form; even when I advised that all documentation had been handed over.
I am in a position which I have read through the employee handbook and see no mention of having to tell anyone my personal password(only mention of intellectual property). There was no basis for needing this; so it made it more suspicious in nature; more so is that I supplied an alternative solution by which they appeared happy with; but after a few days receive an email advising of misconduct and termination but no mention as to whether the true technical solution which the directors were trying to imply was why they needed by personal work password for; in order to resolve. In IT security we have a term called non-repudiation; and passwords are very central to proving one's identity. An example would be that you are indeed receiving this current email from myself. John Malkovich; however if Peter and John Doe knew my password it would no longer be true whether it was actually indeed John that sent the email; of course I struggle as many fields don't understand IT aspects. I was more worried due to the nature of the request which seemed absurd. Asking for a personal work password as a reason to resolve something that did not need the password in the first place. I wont keep on going on about this; because I think the concept of non-repudiation and the background of the discussion has been highlighted. In this case they had my account been used for something illegal it would have been hard; since my name is attached to deny involvement; for this purpose what they were asking for exceeded general IT processes and potentially put myself at risk with the law. However they had all the power to reset this themselves to gain access.
Further yet work harassing myself when I was off sick(visiting my family's home and advising that I am trying to blackmail them). I am wondering if this is indeed something that I may do something about. I at the time was very angry that they had disregarded my privacy. While speaking with themselves I mentioned that I did not want them coming to my home and that the reasons for them going to the extent they have when the issue can be resolved technically on the IT side within 15minutes appeared absurd. I do question whether they had reasons to try and dismiss myself before returning to work; being afraid that i might discover something else which they have done.
More so than that at confrontation outside my door; I was threatened that they would not pay myself for sick leave to date. Later to this I of course as mentioned receive the gross misconduct letter but am told I will not be paid unless documentation(told them on numerous occasions they have already been supplied with this), my personal work password(reasons stated above) and passwords(which is nothing less than a term that has no backing). I of course know this is a “sales” technique on their side to provide justification for fair dismissal; however it is obvious to myself that most of what has been sent is nothing less than willing ignorance of what has been stated in written and verbal form beforehand.
Please let myself know what you think; or if you could refer any key points that i can fight this legally. Also your opinion if I can win this is very much helpful.
Non-Repudiation Definition - searchsecurity.techtarget.com/definition/nonrepudiation
Over the past year I have worked for a company that I have put in over 40+ hours a week including overtime to try and improve the business due a failing IT infrastructure. On numerous occasions the lack of employees internally has been mentioned. Regardless I have worked there for around a year and 4 months. Within the last month; with the increasing stress; I called in work for sick leave.
I have an bad impression of my employer beforehand and knew this would mean they would deal with the incident in whatever “cruel”(for lack of a shadier word) manner they could get away with. Despite everything else; I needed the time off as I was dealing with too much else. Work attended my home and started speaking to my family about how I was trying to blackmail them by not giving them my personal work password. On an account before I proceed because I know this might to non technical individual seem like a big thing. I described to them that the password they were requesting was something I could not give them under IT security policy and would be considered a breach of security as well as a breach of my identity. likewise I have also mentioned that the other password which they were requesting was something I did not setup(BIOS password; which is easily reset in 5 minutes by removing CMOS battery etc). In regards to how critical this is. Please understand that they are able to reset this internally and there is no reason why I had to spell it out. I of course advised how they could reset the password if need be and sent them a guide to pass onto their own technical personnel; which I must advise is only 1 apprentice and a graduate with less than 2 years IT experience in total. Of course I am not responsible for any mismanagement on their side; and I don't feel I should hold any responsibility for the lack of knowledge etc..
I have received an email today advising that I have infringed on gross misconduct as I wouldn't supply my personal work password(due to employee handbook(which I will get to later)); which I would also like to re-mention can be reset by themselves as they own the IT infrastructure(EG: Google can reset passwords for its gmail users; and if they like, obtain access). Being from an IT background and specializing in Security; I feel I have followed best laws and practices. I gave them over 200 passwords for there systems however was interrogated for one(my one which held no special privileges despite that it was my identity); by which they could reset themselves and which if I gave would compromise security authenticity. I did and still do not trust my employer and feel that they might use my own account maliciously to pinpoint crimes of my behalf. Of course if they reset the password this would show in the system; which would absolve myself of any activity committed afterwards.
Another thing to mention is in the gross misconduct letter sent to myself they repeatedly asked for documentation and other terms which were not mentioned in person however were repeatedly mentioned in written form; even when I advised that all documentation had been handed over.
I am in a position which I have read through the employee handbook and see no mention of having to tell anyone my personal password(only mention of intellectual property). There was no basis for needing this; so it made it more suspicious in nature; more so is that I supplied an alternative solution by which they appeared happy with; but after a few days receive an email advising of misconduct and termination but no mention as to whether the true technical solution which the directors were trying to imply was why they needed by personal work password for; in order to resolve. In IT security we have a term called non-repudiation; and passwords are very central to proving one's identity. An example would be that you are indeed receiving this current email from myself. John Malkovich; however if Peter and John Doe knew my password it would no longer be true whether it was actually indeed John that sent the email; of course I struggle as many fields don't understand IT aspects. I was more worried due to the nature of the request which seemed absurd. Asking for a personal work password as a reason to resolve something that did not need the password in the first place. I wont keep on going on about this; because I think the concept of non-repudiation and the background of the discussion has been highlighted. In this case they had my account been used for something illegal it would have been hard; since my name is attached to deny involvement; for this purpose what they were asking for exceeded general IT processes and potentially put myself at risk with the law. However they had all the power to reset this themselves to gain access.
Further yet work harassing myself when I was off sick(visiting my family's home and advising that I am trying to blackmail them). I am wondering if this is indeed something that I may do something about. I at the time was very angry that they had disregarded my privacy. While speaking with themselves I mentioned that I did not want them coming to my home and that the reasons for them going to the extent they have when the issue can be resolved technically on the IT side within 15minutes appeared absurd. I do question whether they had reasons to try and dismiss myself before returning to work; being afraid that i might discover something else which they have done.
More so than that at confrontation outside my door; I was threatened that they would not pay myself for sick leave to date. Later to this I of course as mentioned receive the gross misconduct letter but am told I will not be paid unless documentation(told them on numerous occasions they have already been supplied with this), my personal work password(reasons stated above) and passwords(which is nothing less than a term that has no backing). I of course know this is a “sales” technique on their side to provide justification for fair dismissal; however it is obvious to myself that most of what has been sent is nothing less than willing ignorance of what has been stated in written and verbal form beforehand.
Please let myself know what you think; or if you could refer any key points that i can fight this legally. Also your opinion if I can win this is very much helpful.
Non-Repudiation Definition - searchsecurity.techtarget.com/definition/nonrepudiation
0
Comments
-
I understand that Article 8 allows a right to an identity. I would like to know if I can use this legally to justify the IT policy and danger behind providing my password rather than them resetting it. If the is passwords reset then it means I have not given them approval to speak as myself in my place. Which is something I fear they are trying to do. So they are free to do this as they like; further more the personal account they require is of an account on the clients architecture which we manage. They have the ability to reset this themselves fairly easily and there is no justifiable reason why they would need this. Despite myself being a big advocate for privacy and confidentiality. I have been off work for 3 weeks and dont remember this password anyhow. Of course I have not taken that stance because its not about that but more so that this account if I give expressive details have in part given them ability to use my identity.
I do have suspicion that they have badmouthed myself and revealed details about myself being off to the client I normally manage. I am off for depression. I am wondering what evidence I would need and how I would go about a case for this.
I was joined with a trade union and have been joined for a numerous weeks as I feared this would come to a disarrangement as was given early cues while only being off for the first 3 days. However I felt a right to not allow work to dis-allow myself a stage to heal from a tragedy which I am trying to accept.
Many Thanks for help in advance.0 -
If the computer is the employer's property and/or is for the sole use of the business they have a right to request passwords for access.
Yes, there are (or should be) other ways to override this to gain access, but that doesn't give you the right to refuse to give them the password to their own property.
The only grey area to the above would be if your IT policy explicitly stated that you must never give your password to another employee under any circumstances whatsoever.0 -
TL;DR
Have to ask WHY you didn't simply give your employer the passwords they requested?
It seems unreasonable to withhold them, and you have brought this on yourself.
I worked in IT for 40 years and would never have dreamed of behaving like that.The questions that get the best answers are the questions that give most detail....0 -
Hi Bazzy,
Thanks for your quick reply it does mention in my employee handbook under access protection:
"The right of access to the PC networks and to the centralised server is exclusive to individual users. These access rights must not be transferred to anybody else...."
Would that fulfill the criteria; also on another point they havent followed the gross misconduct guideline as stated in my employee handbook; I have not been notified of any investigation and it doesnt seem that this falls under gross misconduct in the staff handbook.
Let me know what you think, of course I have read that working less than 2 years at an employee can now be a problem with claiming unfair dismissal; however surely and employer is not allowed to break a contract.?
Many Thanks,0 -
Hi mgdavid,
Normally this is something that wouldnt be a big thing; but remember that the people I am working for are devious and have been secretly accessing our clients financial records. This unfortunately is not all black and white and as you know once you have someones password especially if they are off sick; there is serious implications of fraud. Also you must remember that there is little to no need for them requiring the password; this password can be reset by themselves and my account can be disabled if need be; also there is a reason why policy normally states one should never share ones password with others; as it removes accountability?. If I use this password for personal accounts? and more so in security this is a fundamental lack of identity and authentication; for authentication in a domain is how one proves his identity. I specialize in IT security so apologies if I come across condescending. This is the equivalent in some senses of someone providing his private key in cryptography. If this was done; anyone could impersonate that individual. In my circumstance since I know the password it would imply that I sent or did that particular activity; malicious or whatever it might be. Passwords tied to an identity should never be shared; especially when this can implicate fraudulent accountability. This is an IT security standard; and is similar to how anything works that proves you are who you say you are. Unfortunately it seems UK law is still to catch up with security best practices.
Many Thanks,0 -
Also to mention that multiple domain accounts have been setup; and my account provides no special privileges but those of my identity. Email and files can be shared without the need of a password.
They are no passwords as in plural; I have already given them all passwords; its my personal one that they require. Another think to add as history to provide a solid understanding is that one of the directors in the past secretly connected when I would do updates over the weekend and sabotage my work. So you must understand the types of people I am dealing with.
Also if you are aware of AD in Microsoft server; they provide a +1 index whenever something on an account is changed; if a password is changed; this can be audited and accounted; however if I give them my password; they can implicate myself in anything shady that happens under that account.
Put it this way; if you worked for google and you were let go because you would not give your personal user password; when they have full ability to reset an gain access whenever they like. What do you think there intentions would be for asking and then dismissing you as a result? The only benefit would be that I would be still accountable for anything that happened under that account as I still know the password.
So my question to you would be; why would they not just change it?JohnMalkovich wrote: »Hi mgdavid,
Normally this is something that wouldnt be a big thing; but remember that the people I am working for are devious and have been secretly accessing our clients financial records. This unfortunately is not all black and white and as you know once you have someones password especially if they are off sick; there is serious implications of fraud. Also you must remember that there is little to no need for them requiring the password; this password can be reset by themselves and my account can be disabled if need be; also there is a reason why one should never share ones password in IT as it removed accountability?. If I use this password for personal accounts? and more so in security this is a fundamental lack of identity and authentication; for authentication in a domain is how one proves his identity.
Many Thanks,0 -
Hi BazzyB,
Apologies for spamming here; on a moral non legal note; I very much disagree with that note; for they already have access to the system/computer; it is instead the identity that I used they which they need access too. Further more worse than this is that they require it without it being reset; meaning I will still know the password; if anything is therefore done under this account; Am I still not liable or does this lawfully negate once a password is given; absolving one of any activity under the account. This is of course not the case; which is why when an existing employee leaves; the account password is either changed or disabled.
Of course I appreciate your answer still; I know morality or what is right and wrong is not expressed in law always. Such as for instance a recent trend for corporations to sell poisonous chemicals in products without any testing of long term affects etc.. It appears to be common in our world. I'm just hoping that I can get justice in its true sense of freedom of self. Surely i should not be subject to personal injustice for something as silly as this. Especially when this has no implications for the company; but major implications for myself if this trust is abused; well it has already been in the past; which is definitely why I cant trust them with this now; regardless of law or not and regardless of whether I am pay'd for work performed.
Many Thanks,0 -
If something happened whilst you were off sick, and somebody else had access to your password, then it would be obvious to anyone that it was not you who had stolen financial data, sabotaged work, sold poisonous chemicals or whatever other nonsense you have imagined they will get up to.
Requesting your password does not necessarily equate to them having some sinister plot and again I believe you were wrong to withhold it. You clearly have absolutely zero trust in your employer and if you have expressed this in any way to them I am not surprised in the slightest that they are now looking to charge you with gross misconduct due to your behaviour.0 -
JohnMalkovich wrote: »Background:
Over the past year I have worked for a company that I have put in over 40+ hours a week including overtime to try and improve the business due a failing IT infrastructure. On numerous occasions the lack of employees internally has been mentioned. Regardless I have worked there for around a year and 4 months. Within the last month; with the increasing stress; I called in work for sick leave. - You've worked less than 2 years - no unfair dismissal claim is possible
I have an bad impression of my employer beforehand and knew this would mean they would deal with the incident in whatever “cruel”(for lack of a shadier word) manner they could get away with. Despite everything else; I needed the time off as I was dealing with too much else. Work attended my home and started speaking to my family about how I was trying to blackmail them by not giving them my personal work password. - Obviously your family could've asked them to leave at any stage. Up to them to act. On an account before I proceed because I know this might to non technical individual seem like a big thing. I described to them that the password they were requesting was something I could not give them under IT security policy and would be considered a breach of security as well as a breach of my identity. - That's possibly true, BUT it's not up to you to decide that, it's whatever the policy says. IG policy at my work doesn't allow me to share my password, but IT can obviously access my account with authorisation likewise I have also mentioned that the other password which they were requesting was something I did not setup(BIOS password; which is easily reset in 5 minutes by removing CMOS battery etc). - In which case why not share this? In regards to how critical this is. Please understand that they are able to reset this internally and there is no reason why I had to spell it out. - Well actually there is. I of course advised how they could reset the password if need be and sent them a guide to pass onto their own technical personnel; which I must advise is only 1 apprentice and a graduate with less than 2 years IT experience in total. - not sure how that's relevant, you wrote a guide instead of just giving them the password. Of course I am not responsible for any mismanagement on their side; and I don't feel I should hold any responsibility for the lack of knowledge etc..
I have received an email today advising that I have infringed on gross misconduct as I wouldn't supply my personal work password(due to employee handbook(which I will get to later)); which I would also like to re-mention can be reset by themselves as they own the IT infrastructure(EG: Google can reset passwords for its gmail users; and if they like, obtain access). Being from an IT background and specializing in Security; I feel I have followed best laws and practices. - but have you followed policy?! I gave them over 200 passwords for there systems however was interrogated for one(my one which held no special privileges despite that it was my identity); by which they could reset themselves and which if I gave would compromise security authenticity. I did and still do not trust my employer and feel that they might use my own account maliciously to pinpoint crimes of my behalf. - except that's not possible.... Of course if they reset the password this would show in the system; which would absolve myself of any activity committed afterwards.
Another thing to mention is in the gross misconduct letter sent to myself they repeatedly asked for documentation and other terms which were not mentioned in person however were repeatedly mentioned in written form; even when I advised that all documentation had been handed over.
I am in a position which I have read through the employee handbook and see no mention of having to tell anyone my personal password(only mention of intellectual property). There was no basis for needing this; so it made it more suspicious in nature; more so is that I supplied an alternative solution by which they appeared happy with; but after a few days receive an email advising of misconduct and termination but no mention as to whether the true technical solution which the directors were trying to imply was why they needed by personal work password for; in order to resolve. In IT security we have a term called non-repudiation; and passwords are very central to proving one's identity. An example would be that you are indeed receiving this current email from myself. John Malkovich; however if Peter and John Doe knew my password it would no longer be true whether it was actually indeed John that sent the email; of course I struggle as many fields don't understand IT aspects. I was more worried due to the nature of the request which seemed absurd. Asking for a personal work password as a reason to resolve something that did not need the password in the first place. I wont keep on going on about this; because I think the concept of non-repudiation and the background of the discussion has been highlighted. In this case they had my account been used for something illegal it would have been hard; since my name is attached to deny involvement; for this purpose what they were asking for exceeded general IT processes and potentially put myself at risk with the law. However they had all the power to reset this themselves to gain access. - I think your point is totally irrelevant from an employment law POV
Further yet work harassing myself when I was off sick(visiting my family's home and advising that I am trying to blackmail them). I am wondering if this is indeed something that I may do something about. I at the time was very angry that they had disregarded my privacy. While speaking with themselves I mentioned that I did not want them coming to my home and that the reasons for them going to the extent they have when the issue can be resolved technically on the IT side within 15minutes appeared absurd. I do question whether they had reasons to try and dismiss myself before returning to work; being afraid that i might discover something else which they have done. - Doesn't matter
More so than that at confrontation outside my door; I was threatened that they would not pay myself for sick leave to date. - did they pay you? Later to this I of course as mentioned receive the gross misconduct letter but am told I will not be paid unless documentation(told them on numerous occasions they have already been supplied with this), my personal work password(reasons stated above) and passwords(which is nothing less than a term that has no backing). I of course know this is a “sales” technique on their side to provide justification for fair dismissal; however it is obvious to myself that most of what has been sent is nothing less than willing ignorance of what has been stated in written and verbal form beforehand. - the dismissal is fair.
Please let myself know what you think; or if you could refer any key points that i can fight this legally. Also your opinion if I can win this is very much helpful.
Non-Repudiation Definition - searchsecurity.techtarget.com/definition/nonrepudiation
You are entitled to pay, notice (one week) and annual leave accrued - you may need to go to small claims to get it.
the dismissal is fair.0 -
JohnMalkovich wrote: »Regardless I have worked there for around a year and 4 months. Within the last month; with the increasing stress; I called in work for sick leave.
I stopped reading at this point - you've no claim - move on, improve your health and hope the company gives you at worst a neutral reference for any future role
Given your issue beng an employee have you considered working for yourself ?0
This discussion has been closed.
Categories
- All Categories
- 343.2K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.3K Work, Benefits & Business
- 608.1K Mortgages, Homes & Bills
- 173.1K Life & Family
- 247.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards