Can you view your employee’s non-work messages as part of an investigation?

It is not uncommon for employees to use their email or work systems in non-work contexts – my work calendar, for example, is peppered with dinners, doctor appointments and birthday reminders. This is all there for my colleagues to see, but can there be instances when communications at work should properly be considered private and confidential and not, therefore, open for the employer to go and look at or demand to see?

This question can often arise in the context of workplace investigations where alleged misconduct relates to activities or relationships at work that have gone beyond professional boundaries or expectations. For example, you might be investigating allegations of harassment or bullying where the complainant and the accused have previously had a personal relationship or friendship that developed at work (such cases are complex to investigate for many reasons).

This blog is looking specifically at questions of evidence and whether you can, as the investigating employer, either request to see non-work communications between your employees, which have been conducted over work-based platforms (eg email, Teams, Slack), or carry out your own searches of such systems.

You may be thinking, “of course you can!” - these are work-based platforms ultimately controlled and operated by the employer and intended for work use. However, despite this and what privacy notices or IT policies might say (although these are still very relevant), the employee may have a reasonable expectation of privacy in relation to non-work communications shared at work on work platforms, and consider these to be confidential to them. To give a slightly clunky analogy, the fact that an employee’s desk and stationery are owned by the employer and sit on the employer’s property does not give the employer an automatic right to look through the employee’s drawers and read their notebooks, especially if a notebook is marked “private journal” or “life admin”, for example.

There was a recent Court of Appeal case that considered this issue (see Ian De Freitas’ blog on the case), albeit in a slightly different context. In this case, emails that had been sent from the employee’s work email on non-work related matters were believed to contain relevant evidence about the issues in dispute. The employee sought to argue that the emails were private and confidential. The court did not agree. It found there was no reasonable expectation of privacy here. A number of factors were considered relevant by the court in reaching this conclusion, with none being determinative or decisive, including the facts that:

  • The email account was owned by the employer.

  • The employer controlled the passwords.

  • The employee had not sought to designate emails as work or private.

  • It was a general enquiries email account and was used by others.

This is an interesting decision and, although it found in the employer’s favour, it does suggest that there may well be instances when an employee does have a reasonable expectation of privacy over their accounts such that it would not be permissible for an employer to search them. For example, where the emails had been clearly marked as private, the passwords and / or the account are not controlled by the company (even if they are used for business), the email account is used by only the specific employee etc.

In an investigation it is important to pause before seeking out evidence to ask whether you have a lawful basis on which to see this information. Whether you are relying on the cooperation of employees or taking matters into your own hands, you still need to be thinking through good data protection practice when doing so, focusing on what is proportionate and necessary, and getting advice where needed. Some useful things to consider (in addition to the points above) will be:

  • The sensitivity and nature of the data you might expect to find – with extra care to be taken where the information you are looking for comprises, or may be mixed up with, obviously personal and/or delicate matters.

  • The nature of the concerns – eg serious allegations amounting to criminal behaviour may justify more robust search measures.

  • Whether you really need the information to investigate the concerns.

  • Whether it is possible to seek consent to access the materials, bearing in mind that:

    • Consent may not always be meaningful or freely-given within an employment relationship.

    • You may need the employee’s cooperation, or need to give the employee instructions to search their device (eg to access their WhatsApp messages), and

    • You may need the information / evidence regardless of the person’s consent.

  • Is the search targeted: ie are you looking for specific information in a work-related context, rather than simply browsing staff accounts for matters of interest?

  • Will your review be proportionate and reasonable, eg is there a way of conducting your searches that means it will be more targeted and less likely to recover, or read, irrelevant information?

  • What do your policies say about what you can and cannot process – do they permit the search?

  • How many people really need to see the information, and how long the investigator should keep it.

  • Have you recorded the reasons for accessing the information?

  • How will you ensure it is held securely?

These are some initial considerations and each case should be looked at on the facts, but the key takeaway here is: don’t assume that, because the email address ends with your company name, you have carte blanche to access it. Complex investigations almost always raise tricky issues of privacy, confidentiality and data protection. We work closely with our data team to ensure these issues are identified and pragmatically managed throughout the life of the investigation. With very many thanks to Owen O’Rorke from the data team for his input into this piece.

If you require further information about anything covered in this blog, please contact Kathleen Heycock, Maria Strauss or your usual contact at the firm on +44 (0)20 3375 7000.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, August 2022

About the authors

Kathleen Heycock

Partner

Kathleen's legal expertise and pragmatic approach are welcomed by both her employer and senior executive clients. She believes in getting to know her clients so that she can ensure they achieve an outcome that meets their immediate objectives and that also fits with their long-term professional and personal goals.

Email Kathleen +44 (0)20 3375 7113

Maria Strauss

Partner

Maria advises a broad spectrum of clients including private companies, not-for-profit organisations, independent schools, banks, sports clubs, Churches and faith-based organisations on employment law and safeguarding matters.

Email Maria +44 (0)20 3375 7259

Owen O'Rorke

Partner

Owen is a rights specialist with expertise in data protection and intellectual property, and considerable experience in both contentious and advisory contexts. He is a recognised authority in information sharing and data privacy in schools, fundraising, and the sports sectors, with a particular interest in safeguarding.

Email Owen +44 (0)20 3375 7348