Can Your Employer Request Your Work Computer Password?

Former Employee Asked for Password After Being Fired

Reddit users have recently been captivated by the story of a worker who, after being dismissed 6 months ago, was contacted by the company to provide the password for the account connected to the company computer (which had been duly returned at the time).
The former employee’s password was requested due to the alleged impossibility of resetting the device in order to use it and assign it to other employees.

The Issue of Data Privacy and Employer Control

This incident has sparked a broad debate on personal data privacy, employer control over company devices, as well as the security mechanisms and management of IT devices (which in this case seem to have significant shortcomings).
While the incident occurred abroad, a similar situation could happen anywhere company PCs or smartphones are used.
This raises questions about Italian legislation regarding this matter.

According to Italian law, can an employer ask for the password to a company PC?

Employers are responsible for carefully managing electronic device passwords and IT systems, ensuring adequate security measures and protection.
Employers must create passwords, securely communicate them to employees, provide training, and request periodic changes.
It is essential for access credentials to be unique to each worker.
Consequently, the company has no right to know the passwords used by employees on company devices, although they may access them by informing the employee and, if necessary, requesting their cooperation in case of emergencies or urgent work purposes.

When an employee is required to return a company-provided electronic device (PC, computer, or smartphone) for any reason, it is strictly prohibited to delete data or restore the device to factory settings without authorization.
Data may only be deleted when explicitly requested by the employer; otherwise, only personal data should be removed.

Consulting the company’s regulations is advisable, as they typically outline the procedures to follow.
Failure to comply may lead to dismissal for just cause, breaching the mutual trust and faithfulness in the employment relationship.
The company may also seek compensation for damages.
Business materials are considered company assets and must be diligently preserved; furthermore, deleting them could constitute the crime of computer tampering.

In the mentioned case, the situation is quite the opposite, as the employee allegedly did not delete anything and left their account linked, effectively preventing access by the employer.
Despite the dismissal, such behavior is deemed inappropriate as it breaches the return agreement since the company has regained possession of the device but cannot use it.

Company email, computers, and smartphones are owned by the employer, who has the right to reclaim possession of company assets when necessary.
In this case, legal action could be taken against the former employee to regain access or seek compensation for damages caused, even without disclosing their credentials.

Read also: Using a Company PC for Personal Purposes: Potential Risks