In this article we consider the legal issues regarding misuse of email in the workplace and what employers can do to protect their businesses.
Whilst most of us will have sympathy for the receptionist who was the unfortunate sender of the now infamous "#sandwich van" email, the story serves as a timely reminder of how quickly email misuse can spiral out of control and impact upon the reputation of a business.
The vast majority of businesses now use email in the workplace, taking advantage of the speed and ease of communication. With this ease of communication comes a sense of intimacy and informality which can lead to a variety of issues including allegations of bullying and harassment, the making of defamatory comments and unfortunate "viral hits".
As a minimum, employers should ensure that they have the right to monitor the emails of employees. However, while an employer cannot possibly monitor each and every email sent out by its employees, it can put in place policies and procedures to try and minimise the damage which may flow from email misuse by staff.
The Information Commissioner's office has issued a Code of Practice on monitoring emails in the workplace. Continuous monitoring of employee emails is likely to be seen as excessive processing of personal data (and would not be practical in most cases). Employers should therefore make clear, in any policy, in what circumstances they will monitor emails, how and for what purpose it is done, the methods to be used and with whom employees should raise any queries about the monitoring.
Normally, an employer should not monitor emails marked as "private". However, in some circumstances it may be necessary for an employer to review such emails. Employees should be reminded that they should not have an expectation of privacy if sending and receiving e-mails from work equipment and that, even though an email is marked as private, this will not prevent the employer from viewing that email, should it become necessary (for example, if there were any allegations that a group of employees were bullying another employee by making derogatory comments about that employee via email conversations).
Employees should also be reminded that deleted emails may still be held on the employer's servers and may still therefore be subject to monitoring.
Employers should also put in place policies explaining what constitutes proper e-mail usage. This should clearly set out what the employer considers to be an acceptable level of use. Additionally, if the employer permits personal use of emails, the policy should clearly set out when use for personal purposes is permitted, and what a reasonable amount of personal use is. This should reflect reality; in most businesses it is unlikely to be realistic to ban all personal use for example.
Policies should also set out what the employer considers to be inappropriate use. For example, sending emails with inappropriate content (such as offensive or pornographic emails). Employees should be informed about the consequences of email misuse and links should be made with the disciplinary policy.
Provisions should also be made within email policies to enable employees with concerns about other employees' misuse of email to raise grievances or to raise concerns through any bullying and harassment policy.
Employers may also wish to give practical tips on email etiquette and provide instructions on using a consistent corporate style.
Getting it wrong
The cost of getting it wrong could be significant; where a group of employees are misusing email such misuse may result in allegations of bullying and harassment (and possibly discrimination) by employees who are the subject of "email banter". In a worst case scenario this could escalate to resignations and employment tribunal claims.
In addition, there are potential commercial issues if a company's relationship with a key client is damaged by an unfortunate email sent in error. And, in extreme cases, an employer could become the unfortunate victim of the next viral hit!
Practical tips for employers
- Putting in place robust IT policies (linked to other appropriate policies).
- Communicating these effectively to staff.
- Training staff regularly on the importance of appropriate business communications.
- Implement policies consistently.
- Keeping policies under review so that they can be appropriately updated to reflect the fast moving pace of technology.