Senior engineer dismissed for leaving sensitive data on unencrypted USB stick in car park
A Senior Control Systems Engineer with over 20 years' service was fairly dismissed for gross misconduct after leaving an unencrypted USB stick containing official sensitive data in a car park. The tribunal rejected her claims of unfair dismissal and disability discrimination.
1 min read · Last updated 18 May 2026
Case details
- #data-breach
- #unencrypted-usb
- #official-sensitive-information
- #long-service
- #disability-discrimination
- #conduct-dismissal
Key facts
- The claimant was dismissed for gross misconduct after leaving an unencrypted USB stick containing official sensitive data in a car park.
- The claimant had worked for Sellafield for over 20 years as a Senior Control Systems Engineer.
- The respondent conceded the claimant was disabled from March 2017 due to asthma, chronic pain, endometriosis, and IBS.
- The claimant's disciplinary hearing was held on 19 July 2018 and she was summarily dismissed.
- Two internal appeals were heard and both upheld the dismissal decision.
- The tribunal found the dismissal was within the range of reasonable responses and the discrimination claims were not well founded.
Timeline
-
Security meeting about lost USB sticks
The claimant was invited to a meeting regarding a black mesh bag found in the car park containing USB sticks with Thorp PDC data.
-
Operation Alduin report completed
A report on the data breach was produced, detailing the seriousness and impact on Sellafield resources.
-
Investigation meeting with Matthew Makin
The claimant attended an investigation meeting with her union representative.
-
Investigation report completed
Matthew Makin concluded there was a case to answer for misconduct.
-
Disciplinary hearing
The disciplinary hearing took place before Graham Norman; the claimant was dismissed for gross misconduct.
-
Dismissal confirmed in writing
The claimant received a letter confirming summary dismissal and her right to appeal.
-
First appeal hearing
Steve Bostock heard the first appeal; he did not reach a final decision immediately.
-
First appeal rejected
Steve Bostock sent a letter rejecting the appeal.
-
Second appeal hearing
Heather Roberts heard the second appeal and decided not to uphold it.
-
Claim presented to tribunal
The claimant presented her claim form to the Employment Tribunal.
The legal issue
The tribunal had to decide whether the dismissal for misconduct was fair and whether the employer had discriminated against the employee by failing to make reasonable adjustments, direct discrimination, or discrimination arising from disability.
The outcome
The tribunal dismissed all claims. It found that the employer had a genuine belief in the employee's misconduct based on a reasonable investigation, and that dismissal was a proportionate response to the serious data breach. The discrimination claims were rejected because the employee failed to show that any treatment was because of her disability or that the employer failed to make reasonable adjustments.
No compensation was awarded.
Lessons & takeaways
- Even long-serving employees can be fairly dismissed for a single serious breach of data security rules.
- Employers should conduct a thorough investigation and consider all relevant factors, including length of service and personal circumstances, before deciding on dismissal.
- To bring a successful disability discrimination claim, employees must link the alleged treatment directly to their disability, not just to their absence or conduct.
- Representing yourself at tribunal is possible but challenging, especially when facing experienced counsel and complex legal issues.
A costly mistake in the car park
This case shows how a single lapse in judgment can end a long career, even when the employee has an unblemished record and a disability. The claimant, a Senior Control Systems Engineer with over 20 years' service at Sellafield Ltd, left an unencrypted USB stick containing official sensitive data in a car park. The data breach triggered a major security response and led to her summary dismissal for gross misconduct.
What the employer did right
The tribunal noted that Sellafield Ltd carried out a reasonable investigation, gave the employee a fair disciplinary hearing, and considered two internal appeals. The decision to dismiss was within the 'range of reasonable responses' that a reasonable employer might adopt. The employee's long service and disability were taken into account, but the seriousness of the breach — involving unencrypted sensitive data in a high-security environment — justified the outcome.
Why the discrimination claims failed
The employee argued that her dismissal and other treatment amounted to disability discrimination. However, the tribunal found no evidence that the employer knew or ought to have known that her disability was a factor in the misconduct. The data breach was not caused by her asthma, chronic pain, or other conditions. The employer had made adjustments for her health needs, and the dismissal was based on conduct, not disability.
What this means for similar claims
For employees, this case is a reminder that data security breaches are taken extremely seriously, especially in sensitive industries. Even if you have a disability and long service, a serious breach can lead to fair dismissal. For employers, it reinforces the importance of following a fair process and considering all circumstances, but also that a robust security culture may justify dismissal in such cases.
Similar cases
24-year manager dismissed for falsifying delivery records: tribunal upholds gross misconduct decision
An operations manager with 24 years' service was fairly dismissed for gross misconduct after making unauthorised manual carded entries and giving incorrect explanations. The tribunal rejected both his unfair and wrongful dismissal claims.
Delivery driver dismissed for lateness: ADHD discrimination claim fails
A delivery driver with ADHD was dismissed for persistent lateness while on a final warning. The tribunal rejected her claims of unfair dismissal and disability discrimination, finding the employer acted reasonably.
Furlough breach: dismissed for travelling abroad without permission
A general operative who flew to Slovakia while on furlough was fairly dismissed for gross misconduct, the tribunal has ruled.
Associate specialist surgeon resigned after accessing ex-wife's medical records: tribunal upholds employer's process
A Cardiff tribunal dismissed claims of unfair dismissal and disability discrimination by a surgeon who accessed his ex-wife's medical records without consent over 13 years. The tribunal found he resigned voluntarily and the employer's disciplinary process was fair.
