Should private emails be private in the corporate world?

In the world of social media and the internet, Matt Gingell examines the complex issue of whether a business can scrutinise employees’ private activities

Click to follow
The Independent Online

Do “female irrationality” and “skinny big-titted broads” ring any bells? Let me jog your memory, the Scudamore sexist email scandal - a classic example of the employer being caught in the headlights.

Richard Scudamore, the chief executive of the Premier League, sent/forwarded emails to a friend containing sexist comments as part of an email exchange.  A temporary personal assistant searched his private account and leaked the emails to the Sunday Mirror. After carrying out an investigation with a law firm, the Premier League decided to take no further action.

Their reasoning: the emails were private communications between long-standing friends; they had been obtained without authorisation from a private account; and there was no evidence of wider discriminatory behaviour.  Privacy prevailed but for the Premier League, with the sexist banter and no red (or even yellow) card shown, a barrage of criticism ensued. So, what is the law on privacy?

The European Convention on Human Rights, which is incorporated into UK law, states that everyone has the right to respect for their private and family life, their home and their correspondence. Although only public bodies must expressly comply with this, it is relevant to all employers (including the private sector) as Courts and tribunals must interpret, as far as possible, all legislation consistently with the right. There are only limited situations where the right may not apply, one, for example, being if there are national security concerns.

Under employment law, employees, generally with two years’ service, have the right not to be unfairly dismissed.  Employees may be dismissed fairly though for misconduct inside or outside work.

A key question would be whether the misconduct affects or could affect the employee’s work in some way or whether there is or could be reputational damage to the employer. Incidents outside work might include those involving violence, sexual conduct, other discriminatory behaviour or dishonesty. In one particular case an employee of a charity working within the prison community was dismissed fairly for sending an offensive email outside working hours from his home computer to a former colleague’s home computer.

The recipient forwarded the email with racist and sexist content to the recipient’s workplace, which happened to be a prison, and the employer got wind of it. The Employment Tribunal decided that there was potential damage to the employer’s reputation; procedures had been followed correctly; and the decision to dismiss was fair and fell within the reasonable range of responses open to the employer. On privacy, the tribunal found that the employee could not have expected the email to have been private given that it was headed “IT IS YOUR DUTY TO PASS THIS ON!” 

What about applying this reasoning to Mr Scudamore’s “foul play”? Well, the emails had sexist content, were sent from a private account and there was serious risk to reputation. The main difference was that the emails were not headed in the same way. Is this critical? It is true of course that Mr Scudamore may have had far less reason to think that his email chain could be passed on, and the issue of privacy (as well as the issue of how the emails were obtained) would be relevant to fairness. Arguably, though, the Premier League might still have had grounds to dismiss.

The Scudamore emails were leaked, rather than obtained through employer monitoring, but does an employer have the legal right to go snooping on employees? Data protection law requires employers to provide detailed information to their employees about the employer’s monitoring activities. Employers should also have legitimate grounds for the monitoring and avoid unjustified intrusions into the employee’s private life.

The monitoring of email content from private accounts, for example, would be seen as one of the most intrusive forms of monitoring - and could be hard to justify. The Employment Practices Code issued by the Information Commissioner contains important guidance on monitoring and good practice recommendations.

When it comes to monitoring, employers should also consider the interception of communications framework. Before an interception, normally consent from the sender and recipient is required. Employers may, however, intercept communications which are “relevant to the business” without obtaining consent. The difficulty though is how will an employer know for certain if an email is relevant to the business without opening it? Answer: not easily, and then it could be too late!

The whole thing is a managerial headache – and as the line between private and business life continues to blur employers will have to grapple with competing interests. My best advice is: have a monitoring policy; consider your options carefully when faced with difficult privacy issues; and unless you know what you’re doing don’t spy on your team!

Matt Gingell is a Partner at law firm Gannons which specialises in employment and commercial law: